a_ghost_in_a_shell Posted July 1, 2013 (edited)

I'm going to be honest here, I put this in Malware Removal but I honestly have no idea how bad this machine has it but there is definitely something wrong.

Avast was completely disabled before I started taking a look at the laptop. Very slow loading for everything (for a 2GHz dual core with 2GB of RAM). Download speeds for files (tested with Wi-Fi only) are abysmal and do not get any faster than 50KB/s max. The homepage is set to a search engine at search.conduit.com. Inability to access task manager and other utilities. Running Avast before this yielded 8 infected files in the initial scan and an additional infected file in a boot scan. And Avast brings up the blocked URL threat detected window every 5-25 minutes.

Adw Cleaner

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 15:09:10
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Christopher - ALLISONPC
# Boot Mode : Normal
# Running from : C:\Users\Christopher\Downloads\adwcleaner.exe
# Option [search]
AdwCleaner[R1].txt - [22992 octets] - [01/07/2013 15:09:10]
########## EOF - C:\AdwCleaner[R1].txt - [23053 octets] ##########

aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-01 15:36:20
-----------------------------
15:36:20.636 OS Version: Windows 6.0.6002 Service Pack 2
15:36:20.637 Number of processors: 2 586 0xF0D
15:36:20.638 ComputerName: ALLISONPC UserName:
15:36:21.427 Initialize success
15:36:22.064 AVAST engine defs: 12120200
15:36:30.452 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:36:30.455 Disk 0 Vendor: ST912081 3.AA Size: 114473MB BusType: 3
15:36:30.598 Disk 0 MBR read successfully
15:36:30.601 Disk 0 MBR scan
15:36:30.604 Disk 0 unknown MBR code
15:36:30.614 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
15:36:30.627 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 104232 MB offset 20973568
15:36:30.633 Disk 0 scanning sectors +234440704
15:36:30.811 Disk 0 scanning C:\Windows\system32\drivers
15:36:38.448 Service scanning
15:36:55.667 Modules scanning
15:37:01.264 Disk 0 trace - called modules:
15:37:01.319 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:37:01.325 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85beaac8]
15:37:01.330 3 CLASSPNP.SYS[881ac8b3] -> nt!IofCallDriver -> [0x8406a8d0]
15:37:01.336 5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84078030]
15:37:01.828 AVAST engine scan C:\Windows
15:37:04.059 AVAST engine scan C:\Windows\system32
15:39:07.937 AVAST engine scan C:\Windows\system32\drivers
15:39:33.756 AVAST engine scan C:\Users\Christopher
15:46:01.089 AVAST engine scan C:\ProgramData
15:47:34.474 Disk 0 MBR has been saved successfully to "C:\Users\Christopher\Desktop\MBR.dat"
15:47:34.484 The log file has been saved successfully to "C:\Users\Christopher\Desktop\aswMBR.txt"

Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.01.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18975
Christopher :: ALLISONPC [administrator]

7/1/2013 4:18:29 PM
mbam-log-2013-07-01 (16-18-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212949
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\Christopher\AppData\Local\c2c831f9\X -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Christopher\AppData\Local\SysWow64\msoft32.exe (Trojan.Agent.EXTX) -> Quarantined and deleted successfully.
C:\Users\Christopher\Local Settings\Temporary Internet Files\Content.IE5\C3X9XGWE\nuokIN[1] (Trojan.Agent.EXTX) -> Quarantined and deleted successfully.

(end)

Edited July 1, 2013 by a_ghost_in_a_shell
flashh4 Posted July 1, 2013

Howdy and welcome to BestTechie !!!

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Do Not Remove anything or run any tools/programs until advised to do so !

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

=============================

AdwCleaner

* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* You will be prompted to restart your computer. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[s1].txt as well.

NEXT

Please download Junkware Removal Tool and save to your desktop.

Shut down your protection software now to avoid potential conflicts.

* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

Download OldTimer to your desktop !

Links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.
  o Scan all users.
  o Standard Output.
  o Lop check.
  o Purity check.
  o Extra Registry > Use SafeList
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
  o OTL.txt (open on your desktop).
  o Extras.txt (minimised in your taskbar)

The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !

Post Next:
1. adwcleaner.exe
2. Junkware Removal Tool log
3. OTL.txt and Extras.txt (if an Extras.txt is produced)

Thanks
Chuck
a_ghost_in_a_shell Posted July 2, 2013 (edited)

AdwCleaner

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 23:04:14
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Christopher - ALLISONPC
# Boot Mode : Normal
# Running from : C:\Users\Christopher\Downloads\adwcleaner.exe
# Option [Delete]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82EKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7Key Deleted : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FAKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5EDKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CCKey Deleted : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EAKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0EKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDFKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65EKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEFKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTabKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer proKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 ToolbarKey Deleted : HKLM\Software\pc optimizer proKey Deleted : HKLM\Software\uTorrentControl2Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18975 -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\prefs.js C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\user.js ... Deleted ! Deleted : user_pref("CT2612669_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "IMVU Inc Customized Web Search"); Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2612669");Deleted : user_pref("browser.search.defaultengine", "Ask.com");Deleted : user_pref("browser.search.defaultenginename", "Ask.com");Deleted : user_pref("browser.search.order.1", "Ask.com");Deleted : user_pref("browser.search.selectedEngine", "IMVU Inc Customized Web Search");Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");Deleted : user_pref("extensions.asktb.apn_dbr", "ff_7.0.1");Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);Deleted : user_pref("extensions.asktb.cbid", "FM");Deleted : user_pref("extensions.asktb.config-updated", true);Deleted : user_pref("extensions.asktb.crumb", "2012.02.10+08.32.42-toolbar015iad-US-Um9tZSxHQSxVbml0ZWQgU3RhdG[...] 
Deleted : user_pref("extensions.asktb.displaybehavior", "");Deleted : user_pref("extensions.asktb.displaytext", "");Deleted : user_pref("extensions.asktb.dtid", "TES002U1US");Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USGA0488");Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);Deleted : user_pref("extensions.asktb.fresh-install", false);Deleted : user_pref("extensions.asktb.guid", "0ef5806c-0065-4574-a007-37618c5e7644");Deleted : user_pref("extensions.asktb.hpr", "YES");Deleted : user_pref("extensions.asktb.hts-enabled", false);Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]Deleted : user_pref("extensions.asktb.if", "first");Deleted : user_pref("extensions.asktb.l", "dis");Deleted : user_pref("extensions.asktb.last-config-req", "1352144706347");Deleted : user_pref("extensions.asktb.last-search-timestamp", "1345652564716");Deleted : user_pref("extensions.asktb.locale", "en_US");Deleted : user_pref("extensions.asktb.location", "Rome,GA,United States");Deleted : user_pref("extensions.asktb.lstation", "");Deleted : user_pref("extensions.asktb.new-tab-enabled", true);Deleted : user_pref("extensions.asktb.news-native-on", true);Deleted : user_pref("extensions.asktb.o", "14193");Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);Deleted : user_pref("extensions.asktb.pstate", "");Deleted : user_pref("extensions.asktb.qsrc", "2871");Deleted : user_pref("extensions.asktb.r", "3");Deleted : user_pref("extensions.asktb.sa", "YES");Deleted : user_pref("extensions.asktb.sa-enabled", "false");Deleted : user_pref("extensions.asktb.saguid", "B3467A86-270E-45DF-8D42-D740F7FA6AAD");Deleted : 
user_pref("extensions.asktb.save-searches", false);Deleted : user_pref("extensions.asktb.search-history-queries", "greg spires||riverbend in chattanooga||google|[...] Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);Deleted : user_pref("extensions.asktb.silent-upgrade", true);Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);Deleted : user_pref("extensions.asktb.socialmini-first", true);Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");Deleted : user_pref("extensions.asktb.socialmini-native-on", true);Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);Deleted : user_pref("extensions.asktb.themeid", "");Deleted : user_pref("extensions.asktb.timeinstalled", "2/10/2012 11:33:50 AM");Deleted : user_pref("extensions.asktb.to", "");Deleted : user_pref("extensions.asktb.v", "3.15.4.100013");Deleted : user_pref("extensions.asktb.version", "5.15.4.23821");Deleted : user_pref("extensions.asktb.volume", ""); -\\ Google Chrome v27.0.1453.116 File : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. 
*************************

AdwCleaner[R1].txt - [23123 octets] - [01/07/2013 15:09:10]
AdwCleaner[R2].txt - [23070 octets] - [01/07/2013 23:03:53]
AdwCleaner[s1].txt - [23081 octets] - [01/07/2013 23:04:14]

########## EOF - C:\AdwCleaner[s1].txt - [23142 octets] ##########

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista Home Premium x86
Ran by Christopher on Mon 07/01/2013 at 23:36:55.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/01/2013 at 23:39:09.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OLT.txt

OTL logfile created on: 7/1/2013 11:51:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christopher\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.63% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.79 Gb Total Space | 57.16 Gb Free Space | 56.15% Space Free | Partition Type: NTFS

Computer Name: ALLISONPC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Files\Mozilla Firefox\plugins [2012/08/11 14:18:56 | 000,000,000 | ---D | M] [2009/10/24 15:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions[2013/07/01 23:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pwwscfuq.default\extensions[2013/07/01 14:53:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pwwscfuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}[2012/07/14 00:00:10 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pwwscfuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi[2012/11/06 15:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012/11/06 15:55:32 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected][2012/08/20 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\content[2012/08/20 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults[2011/12/19 15:09:04 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF[2012/08/09 01:56:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2012/08/11 14:17:01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll[2012/07/12 18:24:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012/07/12 18:24:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\pdf.dllCHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dllCHR - plugin: 2007 
Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLLCHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dllCHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dllCHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dllCHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllCHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dllCHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dllCHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dllCHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\CHR - Extension: Gmail = C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O3 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)O4 - HKLM..\Run: [Easy Dock] File not foundO4 - HKLM..\Run: [eRecoveryService] File not foundO4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe (Ulead Systems, Inc.)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)O4 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)O4 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)O4 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Christopher\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI 
RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01136FEC-11DB-4344-825E-BA7EAC1C34C1}: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D35DFD45-9571-461C-B04C-F113D990CC8A}: DhcpNameServer = 192.168.2.1O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O24 - Desktop WallPaper: C:\Users\Christopher\Desktop\164(2).JPGO24 - Desktop BackupWallPaper: C:\Users\Christopher\Desktop\164(2).JPGO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | 
---- | M] () - C:\autoexec.bat -- [ NTFS ]O33 - MountPoints2\{0a06b8b9-f4d7-11de-9382-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{0a06b8b9-f4d7-11de-9382-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO33 - MountPoints2\{13c05a23-2966-11df-bdbd-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{13c05a23-2966-11df-bdbd-00e0b8e93bef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -aO33 - MountPoints2\{24e94a57-f95e-11e1-9204-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{24e94a57-f95e-11e1-9204-00e0b8e93bef}\Shell\AutoRun\command - "" = F:\setup.exe -aO33 - MountPoints2\{95cdd317-bf5c-11de-a592-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbassistant.exeO33 - MountPoints2\{95cdd317-bf5c-11de-a592-00e0b8e93bef}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbassistant.exeO33 - MountPoints2\{d9572b2e-236d-11df-8077-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\MSMSGS.EXEO33 - MountPoints2\{f580654e-014e-11e0-90e5-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{f580654e-014e-11e0-90e5-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exeO33 - MountPoints2\{fbcc72b2-c19c-11e1-8d2c-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{fbcc72b2-c19c-11e1-8d2c-00e0b8e93bef}\Shell\AutoRun\command - "" = F:\setup.exe -aO34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/07/01 23:48:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.com[2013/07/01 23:36:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/07/01 23:36:40 | 
000,000,000 | ---D | C] -- C:\JRT[2013/07/01 23:23:54 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Christopher\Desktop\JRT.exe[2013/07/01 15:15:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Christopher\Desktop\aswMBR.exe[2013/06/30 20:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Provocraft[2013/06/30 20:55:28 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\com.cricut.Cricut-CraftRoom[2013/06/30 20:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cricut-Craft Room ========== Files - Modified Within 30 Days ========== [2013/07/01 23:49:08 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2013/07/01 23:49:08 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2013/07/01 23:48:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.com[2013/07/01 23:43:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/07/01 23:43:27 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job[2013/07/01 23:43:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml[2013/07/01 23:43:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2013/07/01 23:43:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2013/07/01 23:43:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/07/01 23:43:03 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys[2013/07/01 23:24:49 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Christopher\Desktop\JRT.exe[2013/07/01 23:21:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/07/01 23:12:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/07/01 16:19:39 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job[2013/07/01 16:01:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/01 15:47:34 | 000,000,512 | ---- | M] () -- C:\Users\Christopher\Desktop\MBR.dat[2013/07/01 15:21:43 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/07/01 15:21:33 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Christopher\Desktop\aswMBR.exe[2013/06/30 20:55:18 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Cricut-Craft Room.lnk[2013/06/30 20:39:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe[2013/06/30 20:39:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013/07/01 16:01:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/01 15:47:34 | 000,000,512 | ---- | C] () -- C:\Users\Christopher\Desktop\MBR.dat[2013/06/30 20:55:18 | 000,000,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricut-Craft Room.lnk[2013/06/30 20:55:18 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Cricut-Craft Room.lnk[2011/04/22 20:37:02 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Local\Yjebowelijosifad.bin[2011/04/22 20:37:01 | 000,000,120 | ---- | C] () -- C:\Users\Christopher\AppData\Local\Wcocipejoxiredox.dat[2009/10/22 18:36:44 | 000,020,992 | ---- | C] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/10/22 18:34:37 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini ========== ZeroAccess 
Check ========== [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2010/07/26 11:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both ========== LOP Check ========== [2009/12/30 21:09:42 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\BudgetExpress 3[2010/04/19 13:47:24 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Canon[2013/06/30 20:55:28 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\com.cricut.Cricut-CraftRoom[2011/02/09 17:26:54 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\FrostWire[2010/09/13 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Hoyle FaceCreator[2012/07/12 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Hoyle Puzzle and Board Games[2012/11/29 01:29:41 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\IMVU[2012/11/04 00:43:30 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\IMVUClient[2012/08/11 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\MusicOasis[2011/10/31 21:06:03 | 000,000,000 | ---D | M] 
-- C:\Users\Christopher\AppData\Roaming\ooVoo Details[2012/11/03 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\RoboForm[2011/12/19 13:58:42 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Sammsoft[2013/07/01 23:44:39 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\uTorrent[2011/10/29 10:33:46 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\W Photo Studio[2010/07/17 15:51:01 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\W Photo Studio Viewer[2010/07/17 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Walgreens[2010/08/20 19:04:10 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\WeatherBug ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 7/1/2013 11:51:02 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christopher\DesktopWindows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18975)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.63% Memory free4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.64% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 101.79 Gb Total Space | 57.16 Gb Free Space | 56.15% Space Free | Partition Type: NTFS Computer Name: ALLISONPC | User Name: Christopher | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft 
Corporation).hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- C:\Program Files\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center 
Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = Reg Error: Unknown registry data type -- File not found"VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{05B8AA24-1A1F-4493-B289-9520F655202D}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | "{06696D6B-FE7E-4D84-9A34-2228CEE3A676}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | "{170E644C-A2B3-4197-9CD4-66825187251B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{18D7E47A-0EB3-437F-A829-B9C815915A35}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{22138FD1-FC9F-460B-858D-DA8D1D2CA9CA}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | "{238C22BC-6B1C-4363-9CB4-05AB65E15287}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2B2E2F3D-A98A-430C-88D9-57EE7B1E90A6}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | "{2F4B9519-FC7D-404B-A8F4-AA5B256E84AF}" = rport=139 | protocol=6 | dir=out | app=system | "{2F6729A6-C7FF-412A-A9B5-354C7AFF583E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{30C72D2F-D682-49DE-9B53-E043E4629A88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3AFDD445-56E7-47AD-9B85-980F6DB6B873}" = rport=137 | protocol=17 | dir=out | app=system | "{3D8A3FF2-BE95-4C2D-A3C5-A56747207357}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D329ED2-FD35-4298-AAEE-186E8E9A4863}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{78BC0921-4FB9-4946-9FDA-B55FC9725783}" = rport=138 | protocol=17 | dir=out | app=system | "{83447CFC-333E-468D-B2C2-79B3B0ABE855}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{906BCF71-D762-4D75-9E8E-7EEE94846D5F}" = lport=139 | protocol=6 | dir=in | app=system | "{99CF1051-3312-4CBC-8577-187F03F58975}" = lport=138 | protocol=17 | dir=in | app=system | "{B23C3990-E871-47D7-923A-F7A47E8BE0E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BD9FDF87-3F73-409F-A1BA-4D9A453EDC76}" = lport=445 | protocol=6 | dir=in | app=system | "{CA284688-3F2D-4E48-A868-3D4A63C29F13}" = lport=137 | protocol=17 | dir=in | app=system | "{D04C6589-006A-404B-AAD1-575AEC2F87E4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F6FB9C5B-01BF-45E9-AAA4-0BE4B6BA1B16}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F77D54ED-C0B6-4DA2-AEE8-B701835164F8}" = lport=2869 | protocol=6 | dir=in | app=system | "{FD826A57-4DBA-41DF-B7DF-7478954398E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{FE6E37CC-E46E-4950-B7B4-F480BECAF117}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | "{FF4BCBD3-59E2-402B-9358-B0DB34D26D16}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0A16CF3D-18C4-4529-92D5-CA8C5B3F56CD}" = protocol=58 | dir=in | [email protected],-28545 | "{0B0150AE-D223-456B-B405-667B8BD90DEF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{141A4C59-F777-4AF4-A471-548681FF4D61}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{16A76FEA-A909-45AD-9706-1620B40F99FC}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{3737F6C7-2A0F-40DB-8C8A-F7BFBAA267E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39C558C2-94A1-4EAC-A4F7-CBF9A09CAE85}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{3BBA2850-F1CB-4876-B233-12B3EA99FCB7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{42BC205F-0DC4-410A-99D4-49ABFC93E517}" = protocol=1 | dir=out | [email protected],-28544 | "{54D5F87B-1AFD-468B-9DC0-CF7E71D929D7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{5AB081A2-04A8-4778-8588-FE4914AC6582}" = protocol=1 | dir=in | [email protected],-28543 | "{782E0702-16FF-47CB-BBCE-CF62C19A0533}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{7F34E647-04C7-425E-8CFD-3B617C2FE57A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{86C75B14-C5CD-4219-A54A-A1771D30AF3D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8F05708E-73ED-4EBA-8D43-832B3C8805AC}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{93720019-60A3-46A4-B333-6FA5BDFD3772}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{9CC71714-6A32-4BD8-B0A2-62B8F54F2CBA}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{9D0F472F-7C13-4B10-8D23-333FF48CABCB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{A357F0D9-6967-49F0-B63F-8F9B0F2EB0D6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{AE215C4F-7589-4E67-9A50-5D8ABAEF51B4}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{B8AB99F2-222F-4F4A-9A08-E20DF6865288}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BAF97DD7-8683-4687-97F4-E12E2EA74ECA}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{BE28A2AB-52B5-4D54-AB77-3D33DCE5F984}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BE86BE8F-89FD-48B8-B540-8DCD952510C0}" = protocol=58 | dir=out | [email protected],-28546 | "{C328066E-2B40-4A1B-8221-C11BB4FB3F9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E6EDBC03-C86E-438A-ADBC-E0BEA28ED3F8}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{F614F23C-F653-4DBE-B7C1-90148789ACE6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{FA25FF20-33CA-48E0-949F-3FFEF82ED9AD}" = dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{1912B191-34C5-468C-AEE3-6CA8E635857E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{3477BC3E-1E05-4B5D-959B-6A7DB5E23CE9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{549454E8-3C03-4B5A-AD9B-EDAF19835F21}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "TCP Query User{58571D07-5824-4765-8792-BD1E2B8CD7A3}C:\program 
files\cricut-craft room\ccrbridge.exe" = protocol=6 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe | "TCP Query User{6693F4C3-6D6B-4CBA-810A-9E5DB2B77110}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{B6FA7940-3D79-42CC-B77C-E6742545B491}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{D0E3BA64-E9D2-410B-8CB7-90A44214981E}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{F58BD15D-7245-4108-8FBC-F82A17DC2BE5}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{0555CB79-B612-4240-8137-24E49D854914}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{2A140609-6FFD-4D8F-8F74-C4B906CB2EF2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{35804B98-29CD-4BE3-B70F-4207A1087CFB}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "UDP Query User{5FC16C7F-BF14-4EEA-A93C-EBCFA1DC3C48}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{7F6EE1E9-336F-40CD-B553-0C2B213E3B7F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{A81A9171-8CFC-4AF1-B2B4-88036DEA9063}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{C0E6D71B-691F-4D13-9D67-F24DAEECF822}C:\windows\explorer.exe" = protocol=17 | dir=in | 
app=c:\windows\explorer.exe | "UDP Query User{C81CC194-2D69-4540-B57A-96E2C7AF2491}C:\program files\cricut-craft room\ccrbridge.exe" = protocol=17 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes"{6FB3A94A-CAA8-4A7B-8E1D-CBB34A5E5FB8}" = KODAK Share Button App"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime"{77E912CE-6396-45B8-90C0-DF402B3D7566}" = BudgetExpress 3"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery 
Management"{856480C9-2428-15E1-97BC-685EE2A7B8E6}" = MusicOasis"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 
2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata 
MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0"{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = SavetheChildren Reminder by We-Care.com v4.1.18.4"{C99E1908-FDFE-8B4D-2E14-E836ECC4D880}" = Cricut Craft Room®"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CF404C21-47EB-4FA5-B920-91746874ED43}" = Ulead Photo Express My Scrapbook 2.0"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skypeâ„¢ 5.3"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}" = Hoyle Puzzle and Board Games"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 
11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"Agere Systems Soft Modem" = Agere Systems HDA Modem"AI RoboForm" = RoboForm 7-8-3-5 (All Users)"avast" = avast! Free Antivirus"CK Creative Clips and Fonts All Occasions Combo" = CK Creative Clips and Fonts All Occasions Combo"com.cricut.Cricut-CraftRoom" = Cricut Craft Room®"Cricut Driver v2.01" = Cricut Driver v2.01"Cricut DesignStudio" = Cricut DesignStudio"ENTERPRISER" = Microsoft Office Enterprise 2007"Fast Free Converter" = Fast Free Converter"Font Commander_is1" = Font Commander 1.1"FrostWire 5" = FrostWire 5.3.8"Google Chrome" = Google Chrome"Graboid Video" = Graboid Video 3.1"HDMI" = Intel® Graphics Media Accelerator Driver"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Money2007b" = Microsoft Money Essentials"Monopoly Here & Now Edition" = Monopoly Here & Now Edition"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)"Mozilla Sunbird (0.5)" = Mozilla Sunbird (0.5)"MozillaMaintenanceService" = Mozilla Maintenance Service"MusicOasis" = MusicOasis"NSS" = Norton Security Scan"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008"RealPlayer 15.0" = RealPlayer"SynTPDeinstKey" = Synaptics Pointing Device Driver"uTorrent" = µTorrent"VLC media player" = VLC media player 1.0.1"WeddingFonts1.2" = WeddingFonts"WildTangent gateway Master Uninstall" = Gateway Games"Yahoo! Companion" = Yahoo! Toolbar"Yahoo! Messenger" = Yahoo! Messenger"Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Consumer Input Firefox Extension" = Consumer Input Firefox Extension (remove only)"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software"RivalGaming" = RivalGaming ========== Last 20 Event Log Errors ========== [ OSession Events ]Error - 5/8/2011 3:22:42 PM | Computer Name = AllisonPC | Source = Microsoft Office 12 Sessions | ID = 7001Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ]Error - 7/1/2013 11:43:57 PM | Computer Name = AllisonPC | Source = ACPI | ID = 327693Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error - 7/1/2013 11:44:49 PM | Computer Name = AllisonPC | Source = Service Control Manager | ID = 7000Description = Error - 7/1/2013 11:44:49 PM | Computer Name = AllisonPC | Source = Service Control Manager | ID = 7000Description = < End of report > Edited July 2, 2013 by a_ghost_in_a_shell Link to post Share on other sites
flashh4 Posted July 2, 2013

Good morning Ghost, I had a lot of reading there to do! It took a long time to go through them!

So some bad news: you have some P2P programs installed. This is where you got most of this junk & will continue to get infection in the future using them. I recommend getting rid of them immediately!! Some Malware help sites will not clean the computer unless it is removed. My thing is I warn you this time but if you come back again re-infected it will not be cleaned unless you remove them! So with that said either remove the P2P programs or refrain from using them till we are done!! Let me know what your choice is???

P2P
There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter http://www.fbi.gov/cyberinvest/cyberedletter.htm
File sharing infects 500,000 computers http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers
USAToday http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
infoworld http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft
Below are a few more articles on P2P that you may wish to read ....
http://www.us-cert.gov/cas/tips/ST05-007.html
http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://www.benedelman.org/spyware/p2p/
http://www.pcworld.com/article/126230/i ... works.html

Either refrain from using this program or simply remove, I would remove it before you become infected with something that we may not be able to clean! I have seen this happen!!! These will have to be removed through control panel add/remove programs!!
FrostWire 5
MusicOasis
uTorrent

=========================

Now, these programs need to go/delete through the Add/remove program in control panel!
PC Optimizer Pro
spyware terminator

=========================

Do you use the Yahoo Toolbar & RoboForm Toolbar?? Unless you use these a lot they are a bar that's NOT needed but I leave this up to you to remove or not!!

==================================

We need to Run an OTL fix!!
* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the .
Do not include the word Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{3955EF9F-6E07-4DBC-A09A-26C61426354B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACGW
IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z015&form=ZGAIDF
IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
[2009/10/24 15:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions
[2013/07/01 23:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pwwscfuq.default\extensions
[2012/07/14 00:00:10 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pwwscfuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/11/06 15:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/20 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\content
[2012/08/20 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O13 - gopher Prefix: missing
[2013/07/01 23:43:27 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2013/07/01 23:44:39 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\uTorrent :Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[resethosts]
[createrestorepoint] [Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

NEXT

ESET online scanner >>> http://www.eset.com/onlinescan/
Note: You can use either Internet Explorer or Mozilla Firefox for this scan.
1. Firstly please Disable any Antivirus you have active, as shown in This topic.
2. Note: Don't forget to re-enable it after the scan.
3. Next please click on the following link to open a new window to ESET online scanner http://www.eset.com/us/online-scanner/features
4. Then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
5. Select the option YES, I accept the Terms of Use then click on:
6. When prompted allow the Add-On/Active X to install.
7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
8. Now click on Advanced Settings and select the following:
 * Scan for potentially unwanted applications
 * Scan for potentially unsafe applications
 * Enable Anti-Stealth Technology
9. Now click on:
10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
11. When completed the Online Scan will begin automatically.
12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
14. Now click on:
15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. or may be ESETSmartInstaller@High as CAB hook log:
16. Copy and paste that log as a reply to this topic.

Post these logs next!
1. OTL fix log
2. ESET log

Thanks
Chuck
a_ghost_in_a_shell Posted July 3, 2013 Author

Since my mother doesn't use these programs at all I have removed FrostWire 5, MusicOasis, uTorrent. I also removed Norton Security Scan....because it's Norton as well as a number of garbage applications. However both PC Optimizer Pro and Spyware Terminator are not in the add/remove programs list.

OTL Fix.

ESET (I had to run this three times to get it to actually finish once. The first time it claimed it found multiple threats but the scan never finished, then the computer shut off during the second scan, the log below is the result of the third scan which said that there were no threats found.)
flashh4 Posted July 4, 2013

Ghost, that cleaned up real good.

Double click OTL.exe to launch the program.
Click on the CleanUp! button.
OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
When finished, exit out of OTL.
The tool will delete itself once it finishes; if not, delete it yourself.

===================

I will give you my all clean speech now! I know you may have some of these installed, this is just my standard all clean speech!

Congratulations, you are clean!!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
 * From within Internet Explorer click on the Tools menu and then click on Options.
 * Click once on the Security tab
 * Click once on the Internet icon so it becomes highlighted.
 * Click once on the Custom Level button.
 * Change the Download signed ActiveX controls to Prompt
 * Change the Download unsigned ActiveX controls to Disable
 * Change the Initialize and script ActiveX controls not marked as safe to Disable
 * Change the Installation of desktop items to Prompt
 * Change the Launching programs and files in an IFRAME to Prompt
 * Change the Navigate sub-frames across different domains to Prompt
 * When all these settings have been made, click on the OK button.
 * If it prompts you as to whether or not you want to save the settings, press the Yes button.
 * Next press the Apply button and then the OK to exit the Internet Properties page.

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
 * Open Internet Explorer
 * Click on Tools > Internet Options
 * Press Security tab
 * Select Internet zone then place check next to Enable Protected Mode if not already done
 * Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
 * Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

NOTE: Firefox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like Firefox!!

3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
 * Online Armor Free
 * Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice "So how did I get infected in the first place".

A must is a great antivirus; I recommend you use AVAST, it's free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>> http://secunia.com/vulnerability_scanning/online/
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player, Java Runtime, Winzip, Acrobat Reader etc. to allow them to install silently without your knowledge or detection by your antivirus protection.

To ensure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great! (optional but best)

Happy surfing and Stay Clean
Chuck

Let me know how it's running? It may be a tad slow the first few reboots but will increase!!
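The Internet Explorer settings in tips 1 and 2 of the post above are stored as per-zone registry values, so they can be checked without clicking through the dialog. The read-only PowerShell audit below is an added example, not part of the original post; the action IDs and value meanings (0 enable, 1 prompt, 3 disable) are Microsoft's documented zone settings, and the function names Get-ZoneValue and New-Row are hypothetical.

```powershell
# Added example: read-only audit of the IE zone settings from tips 1 and 2.
$zonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$meaning   = @{ '0' = 'Enable'; '1' = 'Prompt'; '3' = 'Disable' }
$zoneNames = @{ '1' = 'Local intranet'; '2' = 'Trusted sites'; '3' = 'Internet'; '4' = 'Restricted sites' }

# Tip 1: URL action IDs for the Internet zone (3) and the value the tip asks for.
$wanted = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Get-ZoneValue([string]$Zone, [string]$Id) {
    # $null means the value is absent and the zone's template default applies.
    $item = Get-ItemProperty -Path "$zonesKey\$Zone" -Name $Id -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Id } else { $null }
}

function New-Row([string]$Zone, [string]$Setting, $Current, [int]$Want) {
    # Translate the raw DWORD into the dialog's wording and compare with the tip.
    if ($null -eq $Current)      { $status = 'not set (zone default)'; $shown = '-' }
    elseif ($Current -eq $Want)  { $status = 'OK';     $shown = $meaning["$Current"] }
    elseif ($meaning.ContainsKey("$Current")) { $status = 'REVIEW'; $shown = $meaning["$Current"] }
    else                         { $status = 'REVIEW'; $shown = "$Current" }
    New-Object PSObject -Property @{
        Zone = $zoneNames[$Zone]; Setting = $Setting; Current = $shown
        Recommended = $meaning["$Want"]; Status = $status
    }
}

$report = @()
foreach ($s in $wanted) {
    $report += New-Row '3' $s.Name (Get-ZoneValue '3' $s.Id) $s.Want
}
# Tip 2: Protected Mode is action 2500; 0 means on, 3 means off.
foreach ($z in '1', '2', '3', '4') {
    $report += New-Row $z 'Protected Mode (Enable = on)' (Get-ZoneValue $z '2500') 0
}

$report | Select-Object Zone, Setting, Current, Recommended, Status | Format-Table -AutoSize
```

Settings enforced through Group Policy are stored under the Policies hive and take precedence over the per-user values read here.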
flashh4 Posted July 7, 2013

Ghost, did we solve your problem? Let me know so I can lock this thread!

Thanks
Chuck
flashh4 Posted July 8, 2013

Ghost, 5 days with no response so I'm locking this thread. If you need it re-opened, PM me or another Mod!

Thanks
Chuck