Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware virus ad spyware removal [Closed]

Started by mugrage , Jun 12 2013 08:44 AM

This topic is locked

#1
mugrage

Posted 12 June 2013 - 08:44 AM

New Member

Member
1 posts

My internet runs at 5 or 6 and I am paying for 30. I have tried CCleaner already it helped some. I tried switching from AVG Free 2013 to Avast Free The internet closes and reopens when I look for things and some sights are not running properly. The hard drive in my computer is running hard. The fan runs a lot.The clock on my computer will not stay at the correct time (which has been that way for over a year).
OTL logfile created on: 6/12/2013 7:01:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nancy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.68% Memory free
3.87 Gb Paging File | 2.28 Gb Available in Paging File | 58.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 166.62 Gb Free Space | 76.20% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.30 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.06 Mb Free Space | 95.84% Space Free | Partition Type: FAT32
Drive F: | 365.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NANCY-PC | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/12 06:59:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Downloads\OTL (1).exe
PRC - [2013/06/03 17:45:53 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/06/01 06:59:06 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/06/01 06:59:06 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
PRC - [2013/05/21 17:50:44 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
PRC - [2013/05/21 17:50:44 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2013/05/21 17:50:44 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2013/05/21 17:50:44 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
PRC - [2013/05/21 17:50:44 | 000,019,744 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/07 23:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\nancy\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/07 23:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/01/26 09:55:57 | 000,685,856 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012/07/26 13:46:48 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/01 06:59:06 | 000,158,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/01/18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/11 19:57:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/01 06:59:06 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013/05/21 17:50:44 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/05/21 17:50:44 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/05/21 17:50:44 | 000,019,744 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/07 23:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/01/26 09:55:57 | 000,685,856 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/07/26 13:46:48 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/01 06:59:06 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/05/09 01:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 01:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 01:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/12 16:35:26 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/08 01:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 18:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=390514933
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {E58203D6-FF6E-47A0-905F-4428C30B15E0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=390514933
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=07-11-2012
IE - HKLM\..\SearchScopes\{5AEC2371-70EF-3194-400F-21B03ED88739}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...FE90&SSPV=TB_C5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {E58203D6-FF6E-47A0-905F-4428C30B15E0}
IE - HKCU\..\SearchScopes\{42795947-61B3-421B-BC09-94B0D5804F21}: "URL" = http://www.google.co...1I7RLTB_enUS539
IE - HKCU\..\SearchScopes\{5BC0D922-CCD0-459A-9E4A-13D2D9BCA1D4}: "URL" = http://www.inboxdoll...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-06-01 06:59:16&v=15.2.0.5&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C7C52C58-BDD3-47FD-B583-9D2AB0A4A887}: "URL" = http://search.yahoo....06,17118,0,18,0
IE - HKCU\..\SearchScopes\{E58203D6-FF6E-47A0-905F-4428C30B15E0}: "URL" = http://search.condui...UM=2&SSPV=TB_C5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nancy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/01/26 09:59:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013/06/01 06:59:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/01/26 09:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/01/26 09:59:33 | 000,000,000 | ---D | M]

[2013/01/26 09:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions
[2013/01/26 09:59:33 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/26 09:59:03 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
[2013/01/26 09:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3289847&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...0242616361&UM=2
CHR - homepage: http://search.condui...0242616361&UM=2
CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Privacy SafeGuard = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: avast! Online Security = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Smiley Bar for Facebook = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5_0\
CHR - Extension: Wajam = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Gmail = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (MyPoints Point Finder BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O2 - BHO: (FLV Runner B Toolbar) - {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
O2 - BHO: (InboxDollars BHO) - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Google Analytics Opt-out Browser Add-on) - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (InboxDollars BHO) - {ACE8B0DF-127A-C054-117D-816951AE85BC} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (InboxDollars) - {3FABEEE8-9237-CDE4-D1F2-6648F4D1C386} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLV Runner B Toolbar) - {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {3FABEEE8-9237-CDE4-D1F2-6648F4D1C386} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLV Runner B Toolbar) - {6EC5B552-6D23-4E05-A153-32AA26F7D9E8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKCU..\Run: [SearchProtect] C:\Users\nancy\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{348B4DFF-5D25-4822-B6C6-6DDAC66A46B8}: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{348B4DFF-5D25-4822-B6C6-6DDAC66A46B8}: NameServer = 68.115.71.53,68.113.206.10,66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D2B2474-A484-40A1-92D0-0451108D8D50}: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D2B2474-A484-40A1-92D0-0451108D8D50}: NameServer = 216.146.35.240,216.146.36.240,68.115.71.53,68.113.206.10,66.189.0.100
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/12/25 19:54:44 | 000,000,031 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{341c5406-f23d-11e1-8475-c80aa9b5b5a3}\Shell - "" = AutoRun
O33 - MountPoints2\{341c5406-f23d-11e1-8475-c80aa9b5b5a3}\Shell\AutoRun\command - "" = G:\VideoConvert.exe
O33 - MountPoints2\{cd5a37fc-ee36-11e1-8c5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cd5a37fc-ee36-11e1-8c5b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2008/01/12 22:08:26 | 000,040,448 | R--- | M] (FUJIFILM Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VideoConvert.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/11 14:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/11 14:39:17 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/11 14:39:17 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/06/11 14:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/06/11 14:39:16 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/11 14:39:16 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/06/11 14:39:16 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/06/11 14:39:14 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/06/11 14:39:10 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/06/11 14:38:18 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/06/11 14:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/11 14:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/11 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OI App Manager
[2013/06/11 14:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileOpenerPro
[2013/06/11 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\SwvUpdater
[2013/06/11 14:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/06/11 14:26:51 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\SearchProtect
[2013/06/11 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\CRE
[2013/06/10 15:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/06/10 15:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/04 07:42:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/06/03 17:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/03 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\Google
[2013/06/03 17:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/06/03 17:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/06/03 17:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/06/02 09:39:04 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\AVG SafeGuard toolbar
[2013/06/01 06:59:30 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\1O1L1I1PtF1F1C1N
[2013/06/01 06:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/06/01 06:59:14 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/06/01 06:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/06/01 06:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/05/30 06:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/30 06:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/05/30 06:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/16 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\Apple Computer
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/12 07:00:27 | 000,001,141 | ---- | M] () -- C:\Users\nancy\Desktop\OTL (1) - Shortcut.lnk
[2013/06/12 06:55:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/12 06:55:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/12 06:36:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 06:36:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 06:26:41 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/12 06:26:16 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/06/12 06:25:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/12 06:24:22 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/11 15:38:42 | 000,000,000 | ---- | M] () -- C:\END
[2013/06/11 14:39:19 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/11 14:39:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/10 15:12:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/06 07:06:22 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/04 07:44:00 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/06/04 06:53:07 | 000,002,243 | ---- | M] () -- C:\Users\nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/01 06:59:06 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/05/30 06:41:40 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/05/28 09:14:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFornancy.job
[2013/05/22 18:25:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 18:25:01 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/21 17:50:42 | 000,325,920 | ---- | M] (Sendori) -- C:\Windows\SysWow64\Sendori.dll
[2013/05/15 13:05:06 | 000,418,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 07:46:17 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/15 07:46:17 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/15 07:46:17 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/12 07:00:27 | 000,001,141 | ---- | C] () -- C:\Users\nancy\Desktop\OTL (1) - Shortcut.lnk
[2013/06/11 14:39:19 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/11 14:39:16 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/11 14:39:15 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/06/11 14:39:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/06/11 14:27:39 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/06/10 15:12:19 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/04 07:44:00 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/06/03 17:45:32 | 000,002,243 | ---- | C] () -- C:\Users\nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/03 17:45:32 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/03 17:43:41 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 17:43:40 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/30 06:41:40 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/05/22 18:25:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 18:25:01 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/26 09:59:45 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/13 20:28:56 | 000,000,258 | RHS- | C] () -- C:\Users\nancy\ntuser.pol
[2012/11/13 20:28:15 | 000,290,500 | ---- | C] () -- C:\Users\nancy\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/13 20:28:15 | 000,031,465 | ---- | C] () -- C:\Users\nancy\AppData\Local\funmoods.crx
[2012/11/13 20:26:22 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/24 14:31:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/24 14:27:48 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2012/08/24 14:27:48 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/01 06:59:30 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\1O1L1I1PtF1F1C1N
[2012/09/07 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Amazon
[2013/04/24 16:58:00 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\AVG
[2013/01/26 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Babylon
[2012/08/29 18:59:00 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Coby
[2012/08/29 19:08:49 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Coby Media Manager
[2013/01/12 18:31:54 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\com.amazon.music.uploader
[2012/09/08 12:35:31 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\e-academy Inc
[2013/03/19 09:34:16 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Fighters
[2013/06/11 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\SearchProtect
[2013/01/26 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\SpecialSavings
[2013/01/26 09:59:02 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\StatusWinks
[2012/09/19 15:24:25 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
OTL Extras logfile created on: 6/12/2013 7:01:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nancy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.68% Memory free
3.87 Gb Paging File | 2.28 Gb Available in Paging File | 58.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 166.62 Gb Free Space | 76.20% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.30 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.06 Mb Free Space | 95.84% Space Free | Partition Type: FAT32
Drive F: | 365.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NANCY-PC | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FB3B19-B3AA-4843-8200-FE2AB2ED1133}" = lport=137 | protocol=17 | dir=in | app=system |
"{0378000F-F55F-4A48-9813-4E048EF7D29E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0459812C-F1E2-4DA8-892C-713927463E9D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0ADC486B-0C08-42AA-B86D-69D43A52ADE5}" = rport=138 | protocol=17 | dir=out | app=system |
"{125CF825-4C4A-44ED-9A1F-80D550886C28}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FFBFE64-33F3-4DE5-960E-11E8517F99A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{254E86C7-D6F8-47FD-9F35-F76D1591B101}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{424A05FE-DFFB-45AE-A150-0A3E6DC2C595}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5474C9F1-F79F-488D-A4D9-2318AA75EA5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{55D3E326-93F7-45E5-A3A8-380DAE8E0EE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{6753662A-0C90-4343-B8D3-78F47954BE84}" = lport=139 | protocol=6 | dir=in | app=system |
"{69E71AB4-AC5D-45BB-90F1-A4B057E12161}" = rport=139 | protocol=6 | dir=out | app=system |
"{8084B018-2FFA-42AC-B20F-26EDA3C9669E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9085F97B-F400-488A-8417-475D4EFE9A26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABA684AB-AF53-439D-9528-0EFFA2FF2E9F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B24094C9-0BB0-4E1F-A119-73BD3D9464E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD55964F-F1BA-4271-AD9E-76D14623979B}" = lport=138 | protocol=17 | dir=in | app=system |
"{CDB6C200-6273-4190-A796-9F5E5F450934}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D48C701F-0274-44A2-A340-D6B613A29413}" = rport=137 | protocol=17 | dir=out | app=system |
"{DC3D2335-7531-4145-A42E-901A57E3954C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E0CF4EA9-334D-4A5A-8317-CA49A4022E63}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FEDC2356-28FC-4127-A299-A4D1F7D4A550}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B5D279-7DAA-4126-8062-BF5AC666B856}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{103DF1E5-0C4E-4311-8F99-944F2F4AF384}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{15EC3353-67BA-453F-9066-D15697DFA44E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{200F0875-5558-46AF-8AB6-8AD919A6ABDE}" = protocol=58 | dir=in | [email protected],-28545 |
"{24F64F5E-11FE-4005-BB1D-BF5AB95CDAC9}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{301B133B-31C4-4519-BD0B-7C40E4AF0DC4}" = protocol=6 | dir=in | app=c:\program files (x86)\mypoints point finder\toolbarupdate.exe |
"{3EE1636D-1E17-46D1-A8D1-FD69EB481F2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{495FFAE4-2C08-4DC1-81E4-A2AF1F4E7F9C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{57A11F4F-BA02-4116-B67F-6D1DDB07A375}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{674E6936-804F-4AA8-8EC7-8B3617AC3CA9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{6A6E1DDB-4C6B-4873-B992-58BE2B619490}" = protocol=6 | dir=in | app=c:\program files (x86)\mypoints point finder\troubleshooter.exe |
"{73720B53-B289-452D-9BC4-9A2A7114904A}" = protocol=17 | dir=in | app=c:\program files (x86)\mypoints point finder\toolbarupdate.exe |
"{7B5EAAA6-9DC1-48BD-8CB2-B6843C0AF2FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BD126A6-7135-44C3-B375-A24466B0E619}" = protocol=6 | dir=out | app=system |
"{81FABB12-BEE9-483D-AFCD-54048A56CF71}" = protocol=1 | dir=in | [email protected],-28543 |
"{827C15AB-683E-4F0C-A7E7-865CE874D29E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84267728-E0F6-49C7-8CF6-D61489EE3691}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8615AA4B-492F-49D8-9BDC-352CC119D96A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86E83FCA-E06F-4060-8B6E-BDC1833750F4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{91D5BB1A-BD13-423B-B9B2-8217EA3B276C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9EA09233-CB6F-4373-A1CE-98A56315ED30}" = protocol=17 | dir=in | app=c:\program files (x86)\inboxdollars\troubleshooter.exe |
"{9EFF5084-DC04-4020-8A17-C7BF71EE2F06}" = protocol=17 | dir=in | app=c:\program files (x86)\mypoints point finder\troubleshooter.exe |
"{A09FE1A3-EE74-4BCE-9EE3-673623ED8130}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{A1B65694-90AB-42A5-9530-0AECAE703BF6}" = protocol=1 | dir=out | [email protected],-28544 |
"{A2E41E08-81A2-4687-8CAB-9E79E2870C98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B91121CD-5272-4F09-B0D9-1BAC4764E500}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBD8071F-BB90-43B0-913C-1FAB2564244A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{CBD0B02B-EE24-4758-BDA9-BA2B943DBA50}" = protocol=6 | dir=in | app=c:\program files (x86)\inboxdollars\troubleshooter.exe |
"{CC7F94E9-EE37-46BE-A204-7097CD2F0093}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D570C120-69C5-4427-956F-8E1E2188E523}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E5692B1E-08CB-4AC7-8A9D-391BBC97468F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFC927A1-3A0D-4A2A-919D-899CD04A5B89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDBC9674-05B0-428B-88BD-A52788EC6D6C}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{0219699A-A7DA-4C02-8358-E1BC884860FF}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"UDP Query User{851B8904-5B13-4388-81F1-C2F4DEC5EAAE}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{305706E3-A7FC-466F-8594-AD4522951418}" = Jewel Quest Mysteries Trail of the Midnight Heart
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C4A97DDB-06E8-48E4-8853-51629358AB60}" = Coby Media Manager
"{CE6F9778-35DE-42D1-8C61-C5C69DCF8927}" = Google Analytics Opt-out Browser Add-on
"{EAFE6D16-60E4-49A6-ACAC-34CB37E95FB7}" = Jewel Quest Heritage
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Free Antivirus
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"com.amazon.music.uploader" = Amazon Music Importer
"ffdshow_is1" = ffdshow v1.1.4369 [2012-03-03]
"fileopenerpro" = File Opener Pro
"FLV_Runner_B Toolbar" = FLV Runner B Toolbar
"funmoods" = Funmoods
"Google Chrome" = Google Chrome
"InboxDollars" = InboxDollars
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 3.2
"MyPoints Point Finder" = MyPoints Point Finder
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OI App Manager" = OI App Manager
"SearchProtect" = Search Protect by conduit
"Sendori" = Sendori
"Trusted Software Assistant_is1" = File Type Assistant
"Updater Service" = Updater Service
"Video Downloader" = Video Downloader
"VLC media player" = VLC media player 2.0.0
"Wajam" = Wajam
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader Free Download Packages" = Adobe Reader Free Download Packages
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2013 10:06:09 PM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ibsvc.exe, version: 14.12.8.9, time stamp:
0x510278e3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xc48 Faulting application
start time: 0x01ce60c809dbb863 Faulting application path: C:\ProgramData\IBUpdaterService\ibsvc.exe
Faulting
module path: unknown Report Id: 52185e7a-ccbb-11e2-aa56-c80aa9b5b5a3

Error - 6/3/2013 10:07:41 PM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Faulting module name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Exception code: 0xc0000417 Fault offset: 0x000802d1 Faulting process
id: 0xbe4 Faulting application start time: 0x01ce60c80394f78a Faulting application
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Faulting module
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Report Id:
894fa4ad-ccbb-11e2-aa56-c80aa9b5b5a3

Error - 6/4/2013 6:25:01 AM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ibsvc.exe, version: 14.12.8.9, time stamp:
0x510278e3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x8ac Faulting application
start time: 0x01ce610db7023b54 Faulting application path: C:\ProgramData\IBUpdaterService\ibsvc.exe
Faulting
module path: unknown Report Id: 032994df-cd01-11e2-b55c-c80aa9b5b5a3

Error - 6/4/2013 6:25:44 AM | Computer Name = nancy-PC | Source = SendoriService | ID = 99
Description = Object reference not set to an instance of an object.

Error - 6/4/2013 6:26:43 AM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Faulting module name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Exception code: 0xc0000417 Fault offset: 0x000802d1 Faulting process
id: 0x804 Faulting application start time: 0x01ce610db59f8e4c Faulting application
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Faulting module
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Report Id:
3f9a0554-cd01-11e2-b55c-c80aa9b5b5a3

Error - 6/4/2013 9:53:00 AM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ibsvc.exe, version: 14.12.8.9, time stamp:
0x510278e3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x59c Faulting application
start time: 0x01ce612acb073c9c Faulting application path: C:\ProgramData\IBUpdaterService\ibsvc.exe
Faulting
module path: unknown Report Id: 1160ab5c-cd1e-11e2-a6e9-c80aa9b5b5a3

Error - 6/4/2013 9:54:00 AM | Computer Name = nancy-PC | Source = SendoriService | ID = 99
Description = Object reference not set to an instance of an object.

Error - 6/4/2013 9:54:57 AM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Faulting module name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Exception code: 0xc0000417 Fault offset: 0x000802d1 Faulting process
id: 0xa04 Faulting application start time: 0x01ce612acfa64885 Faulting application
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Faulting module
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Report Id:
56d642ee-cd1e-11e2-a6e9-c80aa9b5b5a3

Error - 6/4/2013 10:12:33 AM | Computer Name = nancy-PC | Source = SendoriService | ID = 99
Description = Object reference not set to an instance of an object.

Error - 6/4/2013 10:13:43 AM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Faulting module name: DRIVERfighter.exe, version: 0.0.0.0, time
stamp: 0x506599ee Exception code: 0xc0000417 Fault offset: 0x000802d1 Faulting process
id: 0xc40 Faulting application start time: 0x01ce612d7068e96d Faulting application
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Faulting module
path: C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe Report Id:
f62be944-cd20-11e2-a60c-c80aa9b5b5a3

Error - 6/4/2013 8:08:37 PM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ibsvc.exe, version: 14.12.8.9, time stamp:
0x510278e3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x56c Faulting application
start time: 0x01ce6180cc5538ac Faulting application path: C:\ProgramData\IBUpdaterService\ibsvc.exe
Faulting
module path: unknown Report Id: 114e5bc3-cd74-11e2-8eab-c80aa9b5b5a3

Error - 6/5/2013 10:22:00 AM | Computer Name = nancy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ibsvc.exe, version: 14.12.8.9, time stamp:
0x510278e3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x880 Faulting application
start time: 0x01ce61f7f0a3ad2e Faulting application path: C:\ProgramData\IBUpdaterService\ibsvc.exe
Faulting
module path: unknown Report Id: 486de7c6-cdeb-11e2-b023-c80aa9b5b5a3

[ Hewlett-Packard Events ]
Error - 11/26/2012 3:19:43 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 11/26/2012 3:20:39 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/3/2012 3:40:04 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/10/2012 4:09:39 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/10/2012 4:16:46 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/10/2012 4:21:02 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/10/2012 4:23:43 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/10/2012 4:24:09 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/17/2012 9:21:31 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 12/17/2012 9:21:31 PM | Computer Name = nancy-PC | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 8/28/2012 7:49:25 PM | Computer Name = nancy-PC | Source = MCUpdate | ID = 0
Description = 4:48:53 PM - Failed to retrieve SportsV2 (Error: The operation has
timed out)

[ System Events ]
Error - 6/11/2013 5:52:48 PM | Computer Name = nancy-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Service
Sendori service to connect.

Error - 6/11/2013 5:52:48 PM | Computer Name = nancy-PC | Source = Service Control Manager | ID = 7000
Description = The Service Sendori service failed to start due to the following error:
%%1053

Error - 6/11/2013 5:56:11 PM | Computer Name = nancy-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 6/11/2013 5:56:11 PM | Computer Name = nancy-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 6/11/2013 10:24:12 PM | Computer Name = nancy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 6/11/2013 10:27:34 PM | Computer Name = nancy-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 6/11/2013 10:27:34 PM | Computer Name = nancy-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 6/12/2013 9:26:40 AM | Computer Name = nancy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 6/12/2013 9:30:22 AM | Computer Name = nancy-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 6/12/2013 9:30:23 AM | Computer Name = nancy-PC | Source = WMPNetworkSvc | ID = 866306
Description =

< End of report >

#2
Phel

Posted 12 June 2013 - 09:41 AM

Trusted Helper

Malware Removal
1,386 posts

Hello, mugrage and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.

Please, wait for a while now, currently I'm analyzing your logs. Please note, that my answers could come with a slight delay, because they are checked by my teacher.

#3
Phel

Posted 12 June 2013 - 02:29 PM

Trusted Helper

Malware Removal
1,386 posts

Please, follow these steps:

Step 1. Uninstalling programs.

Open Start menu.
Click on Control Panel.
Click on Programs and Features. New window should appear.
Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

Yontoo 1.10.02
Funmoods
FLV Runner B Toolbar
Search Protect by conduit
InboxDollars
Sendori
OI App Manager

Step 2. AdwCleaner scan.

Please, download AdwCleaner from here to your Desktop.
Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
Adwcleaner window should appear.
Click on the Delete button.
Click on OK.
Computer will be rebooted automatically, when program will finish it's job.
After fix Notepad window with report should appear. Post the contents of the report in your next message.

Step 3. Changing Chrome Search provider and Homepage.

Your current Chrome Search provider and Homepage are malicious.

Please, follow this instruction and set your Search provider to www.google.com or to something else, what you you want. For Home page, please, follow this instruction.

Step 4. Uninstall Chrome extensions.

Launch your Google Chrome browser.
In the address bar type the following:

chrome:extensions
Extension list will appear.
Find there Smiley Bar for Facebook and Wajam extensions.
Click on the recycle bin icon near them (uninstall them).
Restart your browser.

Step 5. OTL fix.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - [2013/05/21 17:50:44 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/05/21 17:50:44 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/05/21 17:50:44 | 000,019,744 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/01/26 09:55:57 | 000,685,856 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/07/26 13:46:48 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/05/07 23:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=390514933
IE - HKLM\..\URLSearchHook: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{5BC0D922-CCD0-459A-9E4A-13D2D9BCA1D4}: "URL" = http://www.inboxdoll...q={searchTerms}
IE - HKCU\..\SearchScopes\{E58203D6-FF6E-47A0-905F-4428C30B15E0}: "URL" = http://search.condui...UM=2&SSPV=TB_C5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/01/26 09:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/01/26 09:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/01/26 09:59:33 | 000,000,000 | ---D | M]
[2013/01/26 09:59:33 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/26 09:59:03 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
O2 - BHO: (MyPoints Point Finder BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O2 - BHO: (FLV Runner B Toolbar) - {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
O2 - BHO: (InboxDollars BHO) - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (InboxDollars BHO) - {ACE8B0DF-127A-C054-117D-816951AE85BC} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (InboxDollars) - {3FABEEE8-9237-CDE4-D1F2-6648F4D1C386} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLV Runner B Toolbar) - {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {3FABEEE8-9237-CDE4-D1F2-6648F4D1C386} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLV Runner B Toolbar) - {6EC5B552-6D23-4E05-A153-32AA26F7D9E8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll ()
O4 - HKCU..\Run: [SearchProtect] C:\Users\nancy\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Sendori.dll (Sendori)
[2013/06/11 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OI App Manager
[2013/06/11 14:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileOpenerPro
[2013/06/11 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\SwvUpdater
[2013/06/11 14:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/06/11 14:26:51 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Roaming\SearchProtect
[2013/06/11 14:26:50 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\CRE
[2013/06/11 14:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OI App Manager
[2013/06/11 14:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileOpenerPro
[2013/06/11 14:27:39 | 000,000,000 | ---D | C] -- C:\Users\nancy\AppData\Local\SwvUpdater
[2013/03/19 09:34:16 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Fighters
[2013/06/11 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\SearchProtect
[2013/01/26 09:59:33 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\SpecialSavings
[2013/01/26 09:59:02 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\StatusWinks
[2013/01/26 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Babylon
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:0B4227B4

:Reg
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D2B2474-A484-40A1-92D0-0451108D8D50}]
NameServer="68.115.71.53,68.113.206.10,66.189.0.100"

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#4
Essexboy

Posted 29 June 2013 - 10:41 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.