AVG Whole PC Scan - Freezes (Won't Complete)

AVG Whole PC Scan Freezing

#1
anseladams

  • Member
  • 11 posts

Help please. PC recently had a Poweliks infection (I worked with RKinner to remove). Everything working fine except AVG. Antivirus won't complete a whole computer scan - it freezes at 28% and I have to ALT-CTRL-DEL to stop. Updates are no problem, it's just the whole computer scan where things hang up. Malwarebytes will scan OK; did not detect anything.

 

I then ran the AVG scan in Safe Mode which produced this (again, scan would not complete):

Found registry key that prevents file SVCHOST.EXE from running: HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8b104b

 

Attached is the OTL log.  Thoughts?

 

 

OTL logfile created on: 2/15/2015 4:27:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thackers\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 50.64% Memory free
7.50 Gb Paging File | 5.69 Gb Available in Paging File | 75.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.08 Gb Total Space | 401.18 Gb Free Space | 89.53% Space Free | Partition Type: NTFS
 
Computer Name: THACKERS-PC | User Name: Thackers | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/15 16:27:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thackers\Downloads\OTL.exe
PRC - [2015/01/23 05:37:03 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/01/06 21:58:48 | 003,440,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2015/01/06 21:57:06 | 003,674,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2015/01/06 21:49:50 | 000,309,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/19 21:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011/11/03 13:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2011/01/26 19:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/18 20:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/23 05:37:32 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/11/08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012/11/08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012/11/08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012/11/08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012/11/08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012/11/08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012/11/08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012/11/08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012/11/08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012/11/08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012/11/08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012/11/08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012/11/08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012/11/08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012/10/23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011/01/18 20:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/01/18 20:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/11 21:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2009/08/10 18:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 18:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2015/02/04 16:50:39 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/23 05:37:25 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/06 21:58:48 | 003,440,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2015/01/06 21:49:50 | 000,309,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/02/19 21:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/11/03 13:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/01/26 19:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/11/18 21:42:04 | 000,203,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/10/05 20:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/08/28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/07/18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/30 06:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={597162E8-1F5F-42EE-BB41-5BAD7F257C0D}&mid=83c377d0028747d18b4b294607c40ae5-a3834a4881403bc714854ecdddc9fe69a0ad2753&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 22:58:56&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Thackers\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\revtrax.com/RevTraxPrintMyCoupon: C:\Users\Thackers\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015/02/08 16:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thackers\AppData\Roaming\Mozilla\Extensions
[2015/02/08 17:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thackers\AppData\Roaming\Mozilla\Firefox\Profiles\jnjyndog.default\extensions
[2015/02/08 16:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/02/08 16:48:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015/02/08 02:20:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1424035075 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/15 09:15:46 | 000,000,000 | ---D | C] -- C:\Users\Thackers\Documents\Scanned Documents
[2015/02/08 18:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2015/02/08 18:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2015/02/08 18:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Foolish IT
[2015/02/08 18:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foolish IT
[2015/02/08 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Roaming\CrystalIdea Software
[2015/02/08 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2015/02/08 17:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2015/02/08 16:49:00 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Roaming\Mozilla
[2015/02/08 16:49:00 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Local\Mozilla
[2015/02/08 16:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015/02/08 16:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/02/08 16:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/02/08 15:22:11 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Roaming\AVG2015
[2015/02/08 15:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2015/02/08 15:21:04 | 000,000,000 | -H-D | C] -- C:\$AVG
[2015/02/08 15:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2015/02/08 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Local\MFAData
[2015/02/08 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Local\Avg2015
[2015/02/08 09:52:26 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2015/02/08 02:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/02/08 02:22:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015/02/08 01:29:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015/02/08 01:29:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015/02/03 22:54:51 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/03 22:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/03 22:53:07 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/03 22:53:07 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/03 22:53:06 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/03 22:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/03 22:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/03 22:41:30 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Local\Programs
[2015/02/03 15:20:04 | 000,000,000 | ---D | C] -- C:\Users\Thackers\AppData\Roaming\TuneUp Software
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/15 16:24:52 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/15 16:24:52 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/15 16:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/15 16:17:09 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/15 15:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/15 09:02:36 | 000,357,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/14 23:12:06 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/08 18:23:00 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/02/08 18:23:00 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/08 18:23:00 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/08 18:22:51 | 000,774,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/08 18:07:18 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2015/02/08 18:07:18 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2015/02/08 17:20:44 | 000,001,991 | ---- | M] () -- C:\Users\Thackers\Desktop\FileHippo App Manager.lnk
[2015/02/08 16:48:54 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/02/08 15:21:26 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015/02/08 02:20:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/03 22:53:45 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2015/02/08 18:39:07 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015/02/08 18:07:18 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2015/02/08 18:07:18 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2015/02/08 17:20:44 | 000,002,021 | ---- | C] () -- C:\Users\Thackers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
[2015/02/08 17:20:44 | 000,001,991 | ---- | C] () -- C:\Users\Thackers\Desktop\FileHippo App Manager.lnk
[2015/02/08 16:48:54 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/02/08 16:48:54 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/02/08 15:21:26 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015/02/03 22:53:45 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/24 23:18:13 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/02/08 15:22:11 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\AVG2015
[2013/05/22 19:55:21 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\Catalina – Print Savings
[2015/02/03 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2015/02/08 17:38:29 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\CrystalIdea Software
[2011/11/11 10:17:29 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\OEM
[2015/01/10 14:37:21 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\RevTrax
[2015/02/03 15:20:04 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\TuneUp Software
[2012/02/20 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Thackers\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#2
RKinner

  • Malware Expert
  • Expert
  • 20,647 posts
  • MVP

Copy the next 2 lines:

reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths" /s > \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply or if it's too much you can just attach the file c:\junk.txt to a reply.

  • 0
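
One way to triage the output of the `reg query` command above, as an added example that is not part of the original posts: it parses the dump into Software Restriction Policy path rules and lists the Disallowed rules whose pattern covers a given file path. The sample input is constructed from four of the rules that appear in the reply further down this thread; the `ENV` mapping is an assumption, and the wildcard handling (`*` and `?` stay within one path segment, a pattern without a backslash is compared to the file name only) is a simplification for triage, not Windows' own matcher.

```python
import re
from typing import NamedTuple

# The key name under ...\safer\codeidentifiers is the SRP security level in decimal.
SAFER_LEVELS = {0: "Disallowed", 262144: "Unrestricted"}

KEY_RE = re.compile(r"^HKEY_\S.*\\codeidentifiers\\(\d+)\\Paths\\(\{[0-9a-f-]+\})\s*$", re.I)
VALUE_RE = re.compile(r"^\s{4}(\S.*?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")


class Rule(NamedTuple):
    guid: str
    level: str
    description: str
    pattern: str


def parse_reg_query(text):
    """Turn `reg query ... /s` output into a list of Rule tuples."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = KEY_RE.match(line)
            current = None
            if key:  # only rule subkeys; the parent ...\Paths key is skipped
                level = int(key.group(1))
                current = {"guid": key.group(2),
                           "level": SAFER_LEVELS.get(level, hex(level))}
                entries.append(current)
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group(1)] = (value.group(3) or "").strip()
    return [Rule(e["guid"], e["level"], e.get("Description", ""), e["ItemData"])
            for e in entries if "ItemData" in e]


def expand(pattern, env):
    """Expand %VAR% references from the supplied mapping (names are case-insensitive)."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), pattern)


def to_regex(pattern):
    """Assumed semantics: '*' and '?' never cross a backslash."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.I)


def rule_matches(pattern, path, env):
    expanded = expand(pattern, env)
    # A pattern with no directory part is compared against the file name only.
    target = path if "\\" in expanded else path.rsplit("\\", 1)[-1]
    return to_regex(expanded).fullmatch(target) is not None


def find_blocking_rules(rules, path, env):
    """Return the Disallowed rules whose pattern covers `path`."""
    return [r for r in rules if r.level == "Disallowed" and rule_matches(r.pattern, path, env)]


# Constructed sample: four rules in the format of the reg query output posted in this thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{02ba5e2c-a190-4333-8e01-23bb71fffe47}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{03bb04b4-378f-41fd-bac1-0444dcd584ab}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wav*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0b841c43-4a21-420b-8a8f-315df9703da5}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    C:\Users\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0f7eb46d-63ae-4054-af3e-7d51c61f7764}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*\*.scr
"""

# Assumed environment for the affected account; adjust to the machine being checked.
ENV = {"USERPROFILE": r"C:\Users\Thackers",
       "APPDATA": r"C:\Users\Thackers\AppData\Roaming"}

if __name__ == "__main__":
    rules = parse_reg_query(SAMPLE)
    for path in (r"C:\Users\Thackers\invoice.pif", r"C:\Windows\System32\svchost.exe"):
        hits = find_blocking_rules(rules, path, ENV)
        print(path, "->", [(r.guid, r.pattern) for r in hits] or "no matching rule")
```

To check a real machine, pass the contents of `c:\junk.txt` to `parse_reg_query` in place of `SAMPLE`.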

#3
anseladams

  • Topic Starter
  • Member
  • 11 posts

Good evening, RKinner. My apologies for the delayed response (PC is at my parents' home so I am not here every day). Attached is the notepad text, as requested. I hope it will provide a clue on why AVG is unable to complete a whole computer scan.

 

As always, thank you for all that you do...

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{02ba5e2c-a190-4333-8e01-23bb71fffe47}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{03bb04b4-378f-41fd-bac1-0444dcd584ab}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wav*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{05fe4557-63e8-459b-a834-5c779e28decd}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.docx*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{07009bfe-899d-4de2-8da7-380bd198c33f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.gif*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0b841c43-4a21-420b-8a8f-315df9703da5}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    C:\Users\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0bc3c6e0-c9b4-40f6-853d-28a976cf7bbc}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0c298423-909f-401a-bc67-f45b0f573be2}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.bmp*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0ea21ca7-7415-4fa9-af8b-e6bf0e475127}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp4*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0f7eb46d-63ae-4054-af3e-7d51c61f7764}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0fa415c3-2110-44b5-9858-b819cb88a811}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{121fa64a-f78c-4b1b-aa81-d706b01754a4}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.7z*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{12f8a319-01af-41d8-a988-935b2be0b6aa}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.divx*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{13d72700-53eb-48ba-a8b3-997ce999c486}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    vssadmin.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{1444ba40-51cf-4858-8bd0-1c8f171ab1dd}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{14b5147d-fdcc-438c-8be3-cd7298fff8cd}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.txt*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{174cbf3e-d23e-440d-b44a-0afa47855ec8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{196c4b92-2789-43d6-85fc-0da8bcb6201f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xls*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{198e8bf2-7aa6-4e9e-bd06-f99d03521cba}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %programdata%\*\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{1ba15532-4004-4d96-a124-4bfaa12db8f8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xlsx*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{1bc8f13d-fe87-4b76-93a4-4ce6107a5ad0}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.divx*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{1bdea445-8862-4504-aa72-b0ba036cf2c0}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xls*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{215f1b8b-ff36-4854-8fe7-3b1c3077b9b9}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pptx*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{22211a9b-49e0-4265-a644-95d1e28baaae}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xlsx*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{2314cae7-77f7-4a1b-85b6-0238a7c2ef8c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %allusersprofile%\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{23628963-6126-4e31-b31e-0f113a6c0b1c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{25f1c417-6e83-4c25-9419-8b76f754347d}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.7z*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{26fb8228-ab0b-4be1-9aa4-2e2e1e2a4e58}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{2b873b9f-60a2-4892-b4bd-465f96bffc76}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{2bdd9440-4034-4834-96a5-496c5d16c42a}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpg*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{2c27091d-f84a-4f85-b575-f41dfb83ebcf}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.txt*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{2ce7b00a-00f4-4088-b329-94e29f901a8c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wav*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{2e3b1e41-f77f-4af1-9446-8253c63cfa42}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wmv*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{2fa4ff42-124e-40da-9d5b-2d50712b0cbd}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.doc*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{31aad2a7-3005-4c60-9d6a-2d4f84e9f127}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{32f66f99-739f-4837-aafe-59eed24ecac0}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    lsassvrtdbks.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{39651882-e90f-4dcf-9eb9-ef2f3bab84ac}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wmv*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{3c383765-c31e-4db8-9501-ed910aa6d76a}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{3d2f1182-d229-4515-993f-2d882aea47a1}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Local\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{427c8ecd-c06d-43b5-9618-cfecc5c0149c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpg*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{45b973e3-f1b5-4dc9-9d48-170866714364}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.png*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{45ee9c32-175a-4f35-b375-ff979a96d60e}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %allusersprofile%\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{47b8f7ad-2342-4de8-afad-466a689e2f41}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rar*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{48b7a7b1-46e0-4bc3-bd8a-b2a0df875dec}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{49038475-26f9-4c3c-adca-730db06a7d98}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.avi*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{4966da37-3496-49d1-97a5-17c669a7051c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.bmp*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{49eac174-f3aa-4ac9-a5b2-dae77a8ef7a5}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    cipher.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{4b88324b-bed5-4f23-8565-c372afad1905}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rtf*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{4f884394-5f7c-4457-9c6d-1f8719991046}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rtf*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{50764221-d9fc-4754-bf2b-5bbd40f4bead}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5351da54-2c69-43dc-a003-d13016d29d50}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.png*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{58505025-f2a5-4738-a9aa-ab0aeee6cbaf}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rar*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5aadd635-a13b-44fd-9d25-dcc50bf6e723}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.zip*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5aff0dc5-92b6-4314-a612-3db454db3b24}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5c13c58c-7412-49c3-bf0a-3d3a5a13637c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.doc*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5efa506d-efd9-4762-af2a-27b269682eae}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.zip*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5f881fbb-7d16-4145-88ec-a05e83822890}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpeg*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60a57e25-e4de-4061-a06b-1500bf99c217}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pub*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{61011cd0-262a-4c97-9f5c-c4428a12715e}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pptx*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6127388c-75a2-41fb-9ca3-304c9d50536f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.bmp*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{61dff179-f7ca-43ff-b5d5-9e10ec77ae9a}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pptx*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{62336d0b-c5de-4148-ac4d-e6d49bb9e367}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pub*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{64d8df90-a0c8-462b-9104-82df5fcd17a8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    C:\Users\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{66e8b0da-6cdb-422d-80fc-d9baec23eea5}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{67ec4f8a-41a0-4656-9577-46ccf202d1db}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rar*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6821ab4d-dbf5-4c79-8ce6-b4e25a0363ac}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.doc*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{68b31cec-f578-48e5-9828-50c8d0f6d61e}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xls*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{69a91f50-6660-4b38-b938-7821d50fb492}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wma*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6a31ffe7-0ad9-4481-9606-182c8a09c8c5}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.docx*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6b3c7e7c-7d39-46d6-93a8-bcd9787528c4}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6c05a13d-159b-465d-8d27-c01864fd3961}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.gif*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6c8d69a1-ddf5-4a69-95b9-d9ce5eaa7792}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.avi*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6d6b9889-662a-453e-8a3e-31668025d1be}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_SZ    *?*

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{720a81c4-807e-4981-a64c-263a974a77e4}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{724d47a1-3725-4324-a2a4-65579d7344db}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    C:\Users\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{74f35fd2-5402-4133-98c7-20dcbe370b2c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rar*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{750e2d27-2faf-4ee6-85c2-458c93017ae1}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp3*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{76688879-2ed9-47a4-8be0-f72d078cc08c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wma*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{77f82a4d-fb7c-4623-9e6e-aa3df5018d6e}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.avi*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{79049e5c-8004-4898-aca9-0010feaaf83c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{797fb408-f024-4522-9adc-d15439acfa22}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Local\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7c8d20fc-39fc-4704-9f1c-bb0d2b84e53f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{817c1b2d-cc77-4e0f-a135-f0ff2503c978}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpg*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{825f39af-c983-42ad-8f35-cfb0d56b00d2}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp3*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{84171b29-696c-4734-b0af-5131cbbf6d65}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pub*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{84450016-b0b4-4e8c-8f3e-c7f5551fe781}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.zip*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{84d5c9b4-5034-422d-be35-954e873e7d69}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xlsx*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{84e14385-f64b-4a04-9653-4c387a40aedb}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{859fceb3-c7d6-4c67-b6d2-98cdc1e9c7e2}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    syskey.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{88425874-cb30-4c32-a960-2e1af45c1013}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp3*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8a735a09-f5dd-4bf9-bb61-3138cd0c52d6}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %allusersprofile%\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8b104b72-f87c-4c5a-a484-c8423e289e78}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *:\$Recycle.Bin

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8b484e21-7e40-454b-bc5e-b94353d81633}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8e0692e9-f198-45a5-9042-a2d8596183de}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.bmp*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8e27d3fa-efe0-48a1-b90c-ceb0570a1d2f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp4*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{90201b50-bb48-4ec5-9123-ced2e36f1ae2}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pdf*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{9093a7b5-4ea8-47e5-abb6-86c3673a8b18}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.png*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{928bd6f5-c931-4432-8254-196e565786b8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.docx*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{92af9311-a7a2-49e7-80b6-56d6c2127b09}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{983f13ab-fd18-4e87-a946-03b90aeef591}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{9e4c4597-eb4d-4040-a326-496f8e8cabda}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp3*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{a290a558-65d9-418d-a941-bb3956274fea}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wma*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{a3612cfd-edec-409a-b3bf-54fe33615dc8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{a7e41313-720c-400c-a2f0-aba17d651e31}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.divx*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{a8477058-a4ea-4c89-87ce-faae5d20dae8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    scsvserv.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{aa97259e-8e70-4753-935a-64bda894de70}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xls*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ae37be93-ff3b-4d29-bd24-5068c872158e}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpg*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{b039635e-dd65-4cd9-99aa-26fc3cfd92ea}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pptx*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{b2b611ee-f9d8-4124-8ba3-9db2449531d3}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rtf*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{b3ef59f9-fedd-432e-8ec3-a7e1203a2537}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.ppt*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{b47821d8-b27a-47c5-81b4-c695b1cd7b67}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.rtf*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{b82c3a44-973f-46bb-895c-9d0986c5f86c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{b8c96348-6401-484d-9775-e4323133b01f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.ppt*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ba0d3d15-37d4-42d6-88b2-04a856dd6d4e}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wav*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ba584085-a2a6-470e-bfac-77bd347fbd70}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp4*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{be4aac31-8435-45ec-a19b-4f51c517fbd6}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pdf*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{bfaa8e9a-f883-4ecd-9aa7-14e706dcd526}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c154b67e-2243-49c9-8101-526e67c04a8c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wma*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c3a42fe4-1984-4185-a505-f776c7140f85}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.docx*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c4486f58-be64-4db9-bbff-8d902c298058}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c50d3752-f053-4663-8d95-0c78d6ecc262}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pdf*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c5885b78-286f-419d-ba40-7db5037249e4}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.zip*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c5a4159b-0d62-4ace-9bfe-bcb22e2286c1}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.divx*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c695b47a-3629-45fc-926f-7c8efbee1a65}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpeg*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c7ce9d89-e95a-4f03-8143-0d34fd662240}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pdf*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c7e21080-2164-4937-b0bd-df4308664720}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.ppt*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c91699cd-d248-49b3-a9f7-abbf0cb42097}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{c9dd8e58-572c-4a31-b5ea-66288b355f2a}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.ppt*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{cb3ac033-46a6-4ae5-9c94-43bab836a0c4}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ccc821cb-9ea4-46ae-8233-a6b0f0a377e8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.pub*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{d1f863b4-732b-49a5-9bea-a4ed0b45e966}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{d2bdc98a-85a6-4550-9845-87d8b3abe57f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wav*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{d7ce22e9-7ac7-4754-bb05-5c85e659b70e}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{daadf438-365a-44ad-88a3-5af3dcdadd2d}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %systemdrive%\*\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{db1335b7-2dca-430d-8c02-92c864b34317}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Local\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{db2863f0-cd0d-4f61-abc3-819932bc6d10}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.txt*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{de4b0930-1d7e-4ad8-8749-11b6985fe817}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.avi*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{df224972-5270-4a20-8777-7b2ec770912c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{dfa890a0-9d19-4129-aefb-f966dbbed2a2}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.png*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{e0626f4c-83e7-4118-8474-01538e64eaf9}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    lsassw86s.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{e0d2105a-b765-4efd-8829-d7885ed98673}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.xlsx*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{e0e9ff25-57bd-4f1d-86f7-3ad355850d0c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.7z*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{e62d06f3-582d-46dd-ba59-afdec23a2238}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.7z*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{e72e4913-03ef-4870-a784-af959f4f629f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{e9dac45f-75d7-43b3-9f8e-23c8ef6b484d}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wmv*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{eb96f0c0-7783-48f0-ac26-3b4b536dfa3f}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\*\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ec2917d2-c397-40eb-8c35-c7c7b4188b31}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ed04810f-7828-4102-9d17-d93236fe9f52}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %allusersprofile%\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ed709cbb-7988-4edd-9ee2-40df00222c53}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{efb20439-f022-4280-bc18-7229457a3a33}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Local\*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f106b654-d03a-4ece-b8e3-69c43fe9df9c}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.gif*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f107525c-da1b-4ef7-b7fc-a11eef1ccf93}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.mp4*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f1d851a2-3a6c-4714-88f6-a81d9f10f826}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f274a7fa-fd81-4337-b862-056133a44c83}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %appdata%\*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f625970c-8ed8-4b02-9124-5ae81fb04a62}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpeg*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f64dad20-e869-4dc8-8970-2ddf4cc4a189}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.gif*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f71ff81d-6a30-4ddb-b311-701d7d18fa6d}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\LocalLow\*\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f79200a7-02b5-4f87-b6ef-5d4f6cb797ad}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.wmv*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{f99ea6f6-b14b-4823-9288-af557ef83caf}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %programfiles(x86)%\*\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{faa82045-cb18-4baa-9090-e3d41067110d}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.doc*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{fc0bd973-92b7-496a-92c1-3fd13ccb35e4}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.txt*.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{fc1dae9d-cdf7-4beb-8784-06a57c993afc}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *.jpeg*.scr

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{fc786ae5-6c42-4c5e-a3f6-ac2ad21cf1de}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{ff57ef85-5c49-4659-bf6d-b36c4f1a76e8}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif
 



#4
RKinner

    Malware Expert

  • Expert
  • 20,647 posts
  • MVP

No problems with delays.  I do not keep track.

 

The PC has CryptoLocker Prevention installed:

I recommend a similar product in my "goodbye" package:

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent

The free version does not update on its own so you should check for updated versions once in a while.
 
Mine can be uninstalled the usual way. Don't know about yours. If it doesn't show in the uninstall list we can remove it fairly easily. It should show up in a FRST scan:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Click on the Addition.txt box.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #5
    anseladams

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    Yes - CryptoLocker was installed per your goodbye instructions during our Poweliks exchange.  Not sure I'm clear on the uninstall (are you saying it is incompatible with AVG)?

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
    Ran by Thackers (administrator) on THACKERS-PC on 07-03-2015 22:53:18
    Running from C:\Users\Thackers\Desktop
    Loaded Profiles: Thackers & UpdatusUser (Available profiles: Thackers & UpdatusUser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    (Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\...\RunOnce: [Adobe Speed Launcher] => 1425781844
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1003\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [456224 2010-07-29] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1853160511-3213668173-3947774843-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={597162E8-1F5F-42EE-BB41-5BAD7F257C0D}&mid=83c377d0028747d18b4b294607c40ae5-a3834a4881403bc714854ecdddc9fe69a0ad2753&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-11-04 22:58:56&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Thackers\AppData\Roaming\Mozilla\Firefox\Profiles\jnjyndog.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
    FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-11-08] (Sony Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1853160511-3213668173-3947774843-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Thackers\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
    FF Plugin HKU\S-1-5-21-1853160511-3213668173-3947774843-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Thackers\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
    R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
    R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
    S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-10-23] (Sony Corporation) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-07 22:53 - 2015-03-07 22:53 - 00024297 _____ () C:\Users\Thackers\Desktop\FRST.txt
    2015-03-07 22:52 - 2015-03-07 22:53 - 00000000 ____D () C:\FRST
    2015-03-07 22:50 - 2015-03-07 22:50 - 02094592 _____ (Farbar) C:\Users\Thackers\Desktop\FRST64.exe
    2015-03-07 21:50 - 2015-03-07 21:50 - 00044073 _____ () C:\junk.txt
    2015-02-27 16:32 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-27 16:32 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-27 16:32 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-27 16:32 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-24 18:29 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-24 18:29 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-19 21:26 - 2015-02-19 21:26 - 00270816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2015-02-15 16:34 - 2015-02-15 16:34 - 00050008 _____ () C:\Users\Thackers\Downloads\Extras.Txt
    2015-02-15 16:33 - 2015-02-15 16:33 - 00060352 _____ () C:\Users\Thackers\Downloads\OTL.Txt
    2015-02-15 16:27 - 2015-02-15 16:27 - 00602112 _____ (OldTimer Tools) C:\Users\Thackers\Downloads\OTL.exe
    2015-02-15 14:23 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-15 14:23 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-15 14:23 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-15 14:23 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-15 09:45 - 2015-02-15 09:45 - 00018432 ___SH () C:\Users\Thackers\Documents\Thumbs.db
    2015-02-14 20:15 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-14 20:15 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-14 20:15 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-14 20:15 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-14 20:15 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-14 20:15 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-14 20:15 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-14 20:15 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-14 20:15 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-14 20:15 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-14 20:15 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-14 20:15 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-14 20:15 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-14 20:15 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-14 20:15 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-14 20:15 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-14 20:15 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-14 20:15 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-14 20:15 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-14 20:15 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-14 20:15 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-14 20:15 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-14 20:14 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-14 20:14 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-14 20:14 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-14 20:14 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-14 20:14 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-14 20:14 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-14 20:14 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-14 20:14 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-14 20:14 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-14 20:14 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-14 20:14 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-14 20:14 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-14 20:14 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-14 20:14 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-14 20:14 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-14 20:14 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-14 20:14 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-14 20:14 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-14 20:14 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-14 20:14 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-14 20:14 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-14 20:14 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-14 20:14 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-14 20:14 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-14 20:14 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-14 20:14 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-14 20:14 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-14 20:14 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-14 20:14 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-14 20:14 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-14 20:14 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-14 20:14 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-14 20:14 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-14 20:14 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-14 20:14 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-14 20:14 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-14 20:14 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-14 20:14 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-14 20:14 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-14 20:14 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-14 20:14 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-14 20:14 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-14 20:14 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-14 20:14 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-14 20:14 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-14 20:14 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-14 20:14 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-14 20:14 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-14 20:14 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-14 20:14 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-14 20:14 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-14 20:14 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-14 20:13 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-14 20:13 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-14 20:13 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-14 20:13 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-14 20:13 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-14 20:13 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-14 20:13 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-14 20:13 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-14 20:13 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-14 20:13 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-14 20:13 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-14 20:13 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-14 20:13 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-14 20:13 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-14 20:13 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-14 20:13 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-14 20:13 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-14 20:13 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-14 20:13 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-14 20:13 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-14 20:12 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-14 20:12 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-14 20:12 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-02-14 20:12 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-02-14 20:12 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-02-14 20:12 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-02-14 20:11 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-14 20:10 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-14 20:10 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-14 20:10 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-02-14 20:10 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-02-14 20:09 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-14 20:09 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-14 20:08 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-14 20:08 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-14 20:08 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-14 20:08 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-14 20:08 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-14 20:08 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-14 20:08 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-14 20:08 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-14 20:08 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-14 20:07 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-08 18:39 - 2015-02-08 18:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-02-08 18:27 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-02-08 18:27 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-02-08 18:27 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-02-08 18:27 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-02-08 18:27 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-02-08 18:27 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-02-08 18:27 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-02-08 18:27 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-02-08 18:27 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2015-02-08 18:27 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2015-02-08 18:27 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-02-08 18:27 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-02-08 18:27 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-02-08 18:27 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-02-08 18:27 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-02-08 18:18 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-02-08 18:18 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-02-08 18:18 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2015-02-08 18:18 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2015-02-08 18:18 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2015-02-08 18:07 - 2015-02-08 18:07 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
    2015-02-08 18:07 - 2015-02-08 18:07 - 00001185 _____ () C:\Users\Public\Desktop\CryptoPrevent.lnk
    2015-02-08 18:07 - 2015-02-08 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
    2015-02-08 18:07 - 2015-02-08 18:07 - 00000000 ____D () C:\ProgramData\Foolish IT
    2015-02-08 18:07 - 2015-02-08 18:07 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
    2015-02-08 17:38 - 2015-02-08 17:38 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\CrystalIdea Software
    2015-02-08 17:20 - 2015-02-08 17:20 - 00002021 _____ () C:\Users\Thackers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
    2015-02-08 17:20 - 2015-02-08 17:20 - 00001991 _____ () C:\Users\Thackers\Desktop\FileHippo App Manager.lnk
    2015-02-08 17:20 - 2015-02-08 17:20 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2015-02-08 17:20 - 2015-02-08 17:20 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
    2015-02-08 16:49 - 2015-02-08 16:50 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\Mozilla
    2015-02-08 16:49 - 2015-02-08 16:50 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Mozilla
    2015-02-08 16:48 - 2015-02-08 16:48 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-08 16:48 - 2015-02-08 16:48 - 00001120 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\ProgramData\Mozilla
    2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-08 16:48 - 2015-02-08 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-08 15:22 - 2015-02-08 15:22 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\AVG2015
    2015-02-08 15:21 - 2015-02-27 16:32 - 00000934 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-02-08 15:21 - 2015-02-27 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-02-08 15:21 - 2015-02-15 16:12 - 00000000 ____D () C:\ProgramData\AVG2015
    2015-02-08 15:21 - 2015-02-08 15:21 - 00000000 ___HD () C:\$AVG
    2015-02-08 15:17 - 2015-02-08 18:40 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Avg2015
    2015-02-08 15:17 - 2015-02-08 15:17 - 00000000 ____D () C:\Users\Thackers\AppData\Local\MFAData
    2015-02-08 09:52 - 2015-02-08 09:52 - 00000000 ___HD () C:\Windows\AxInstSV
    2015-02-08 01:29 - 2015-02-15 10:24 - 00000000 ____D () C:\Qoobox
    2015-02-08 01:29 - 2015-02-08 02:21 - 00000000 ____D () C:\Windows\erdnt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-07 22:47 - 2012-12-28 20:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-07 21:37 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-07 21:37 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-07 21:34 - 2011-11-11 10:44 - 00000000 ____D () C:\ProgramData\MFAData
    2015-03-07 21:33 - 2009-07-07 03:24 - 01326857 _____ () C:\Windows\WindowsUpdate.log
    2015-03-07 21:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-07 21:30 - 2009-07-13 23:51 - 00086402 _____ () C:\Windows\setupact.log
    2015-03-07 21:30 - 2009-07-07 03:23 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-03-06 17:19 - 2009-07-13 23:45 - 00357416 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-01 16:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-15 17:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-15 17:28 - 2011-11-11 11:02 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2015-02-15 10:27 - 2010-11-20 22:47 - 00277982 _____ () C:\Windows\PFRO.log
    2015-02-15 09:18 - 2011-11-20 14:26 - 00000000 ____D () C:\Users\Thackers\Documents\Bob
    2015-02-15 09:14 - 2011-03-31 04:22 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-15 09:13 - 2011-11-11 10:16 - 00000000 ____D () C:\Users\Thackers\AppData\Roaming\Adobe
    2015-02-15 09:11 - 2011-11-26 19:02 - 00000000 ____D () C:\Users\Thackers\AppData\Local\CrashDumps
    2015-02-15 09:00 - 2014-12-11 17:05 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-15 09:00 - 2014-04-29 22:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-15 00:59 - 2012-06-16 20:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-15 00:53 - 2013-08-16 22:16 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-15 00:50 - 2012-11-23 15:31 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-14 23:12 - 2015-02-03 22:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-08 18:38 - 2011-11-11 10:16 - 00000000 ____D () C:\Users\Thackers\AppData\Local\Adobe
    2015-02-08 18:38 - 2011-03-31 04:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-02-08 18:31 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-02-08 18:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-08 18:23 - 2014-02-24 23:18 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-08 18:22 - 2009-07-14 00:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-08 15:20 - 2011-11-11 10:45 - 00000000 ____D () C:\Program Files (x86)\AVG
    2015-02-08 15:12 - 2011-11-11 10:46 - 00000000 ____D () C:\ProgramData\AVG2012
    2015-02-08 15:10 - 2013-09-09 21:34 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
    2015-02-08 14:34 - 2009-07-07 03:36 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2015-02-08 14:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-02-08 02:22 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2015-02-08 02:20 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

    Some content of TEMP:
    ====================
    C:\Users\Thackers\AppData\Local\Temp\UNINSTALL.EXE


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-15 17:21

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
    Ran by Thackers at 2015-03-07 22:54:16
    Running from C:\Users\Thackers\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
    AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
    Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
    CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
    eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
    eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    Reader for PC (HKLM-x32\...\{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}) (Version: 2.0.01.11080 - Sony Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
    RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.11656 - TeamViewer GmbH)
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
    Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    08-02-2015 14:25:53 Installed Microsoft Fix it 50688
    08-02-2015 14:31:04 Windows Live Essentials
    08-02-2015 14:31:34 WLSetup
    08-02-2015 15:09:10 Removed AVG 2012
    08-02-2015 15:11:13 Removed AVG 2012
    08-02-2015 15:20:16 Installed AVG 2015
    08-02-2015 15:20:39 Installed AVG 2015
    08-02-2015 16:15:11 OTL Restore Point - 2/8/2015 4:15:10 PM
    08-02-2015 18:17:22 Windows Update
    08-02-2015 18:37:42 Installed Adobe Reader XI.
    15-02-2015 00:48:35 Windows Update
    15-02-2015 15:55:28 Windows Update
    24-02-2015 18:29:38 Windows Update
    27-02-2015 17:15:13 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-02-08 02:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0CC30E12-DE7E-4CD8-B035-B2944840A510} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {492E73E7-EE00-4FA3-9E24-16E06D96DF50} - System32\Tasks\eMachines Registration - Reminder Recall task => C:\Program Files (x86)\eMachines\Registration\GREG.exe
    Task: {D0ED809B-7544-4B2B-9438-24CE257EA5FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
    Task: {E1D13BB9-5632-48F9-B90C-5EDC3C42D73B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-04-12 23:24 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2009-08-10 18:01 - 2009-08-10 18:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    2009-08-10 18:00 - 2009-08-10 18:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
    2009-08-10 18:01 - 2009-08-10 18:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
    2009-08-10 18:01 - 2009-08-10 18:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    2011-01-18 20:08 - 2011-01-18 20:08 - 00620136 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    2011-01-18 20:08 - 2011-01-18 20:08 - 00151656 _____ () C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
    2012-11-08 10:54 - 2012-11-08 10:54 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00039816 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00239496 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00026504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
    2012-10-23 21:58 - 2012-10-23 21:58 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00124808 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00015752 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00024456 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00016776 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00014728 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
    2012-11-08 10:56 - 2012-11-08 10:56 - 00034184 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00018312 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00092040 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
    2012-11-08 10:55 - 2012-11-08 10:55 - 00149384 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
    2012-11-08 10:56 - 2012-11-08 10:56 - 00178056 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1853160511-3213668173-3947774843-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thackers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1853160511-3213668173-3947774843-500 - Administrator - Disabled)
    Guest (S-1-5-21-1853160511-3213668173-3947774843-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1853160511-3213668173-3947774843-1002 - Limited - Enabled)
    Thackers (S-1-5-21-1853160511-3213668173-3947774843-1000 - Administrator - Enabled) => C:\Users\Thackers
    UpdatusUser (S-1-5-21-1853160511-3213668173-3947774843-1003 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/15/2015 09:11:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa2e07
    Exception code: 0xc0000005
    Fault offset: 0x000000000028d152
    Faulting process id: 0xab4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (02/08/2015 01:16:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (02/20/2015 05:18:40 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
    Description: A fatal hardware error has occurred.

    Component: AMD Northbridge
    Error Source: 3
    Error Type: 2
    Processor ID: 0

    The details view of this entry contains further information.

    Error: (02/20/2015 05:15:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.

    Error: (02/20/2015 05:15:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.


    Microsoft Office Sessions:
    =========================
    Error: (02/15/2015 09:11:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c0000005000000000028d152ab401d04928c5014a60C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll7f2dcfd0-b51c-11e4-a431-f80f4120e316

    Error: (02/08/2015 01:16:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
      Date: 2015-02-08 02:12:00.776
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2015-02-08 02:12:00.604
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD Athlon™ II X2 260 Processor
    Percentage of memory in use: 35%
    Total physical RAM: 3839.37 MB
    Available physical RAM: 2479.98 MB
    Total Pagefile: 7676.92 MB
    Available Pagefile: 6199.82 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:448.08 GB) (Free:397.67 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 35D5C1F3)
    Partition 1: (Not Active) - (Size=17.6 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=448.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 20,647 posts
    • MVP

    It's odd that CryptoPrevent would stop AVG from running.  The key your message flagged:

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8b104b72-f87c-4c5a-a484-c8423e289e78}
        Description    REG_SZ    CryptoLocker Prevention
        SaferFlags    REG_DWORD    0x0
        ItemData    REG_EXPAND_SZ    *:\$Recycle.Bin

     

     

    Tells it not to run stuff in the recycle bin.  

     

    There is one that might be interpreted to prevent svchost from running.  We can remove it with FRST and see if anything changes:

     

    Download the attached fixlist.txt to the same location as FRST.

    [attachment=75888:fixlist.txt]

    Run FRST and press Fix.
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

    If AVG still complains then uninstall CryptoPrevent.

     

    To uninstall CryptoPrevent you just go into the Control Panel, Programs and Features, click on CryptoPrevent then on Uninstall.

     

    Then reboot and see if you can get AVG to run.  

     


    • 0

    #7
    anseladams

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    Success!  Post the fix, I was able to run a whole computer scan with no freezes.  A big ol' hug to you, RKinner

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 01
    Ran by Thackers at 2015-03-08 09:50:23 Run:1
    Running from C:\Users\Thackers\Desktop
    Loaded Profiles: Thackers & UpdatusUser (Available profiles: Thackers & UpdatusUser)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
    *****************
    HKLM => Group Policy Restriction on software restored successfully.

    ==== End of Fixlog 09:50:23 ====


    • 0
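The Software Restriction Policy path rules discussed in posts #6 and #7 can be triaged from a saved `reg query ... /s` dump. The following is an added example, not part of the original thread or of FRST or CryptoPrevent: it parses that layout and lists the rules whose last path component names a given executable. The second GUID in the sample is a constructed placeholder, and the file-name comparison is a triage heuristic, not a reimplementation of how Windows evaluates path rules.

```python
import fnmatch
import re

# Constructed sample in `reg query <key> /s` layout. The first rule is the one
# quoted in post #6. The second uses a placeholder GUID (assumption) with the
# ItemData named in the fixlist from post #7.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{8b104b72-f87c-4c5a-a484-c8423e289e78}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    *:\$Recycle.Bin

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{00000000-0000-0000-0000-000000000001}
    Description    REG_SZ    CryptoLocker Prevention
    SaferFlags    REG_DWORD    0x0
    ItemData    REG_EXPAND_SZ    %systemdrive%\*\svchost.exe
"""

# ...\codeidentifiers\<level>\Paths\{GUID}; level 0 is the Disallowed level.
KEY_RE = re.compile(
    r"^HKEY_[A-Z_]+\\.*\\codeidentifiers\\(\d+)\\Paths\\(\{[^}]+\})\s*$", re.I
)
# Indented value line: name, registry type, data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")


def parse_path_rules(text):
    """Return one dict per path rule: level, guid, plus its registry values."""
    rules, current = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            m = KEY_RE.match(line)
            # Keys outside ...\Paths\{GUID} end the current rule.
            current = {"level": int(m.group(1)), "guid": m.group(2)} if m else None
            if current is not None:
                rules.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(3)
    return rules


def rules_naming(rules, exe_name):
    """Rules whose final path component matches exe_name as a wildcard pattern.

    Heuristic only: it compares the file-name part and ignores the directory
    part of the rule, so every hit still needs a manual look.
    """
    hits = []
    for rule in rules:
        leaf = rule.get("ItemData", "").replace("/", "\\").rsplit("\\", 1)[-1]
        if leaf and fnmatch.fnmatchcase(exe_name.lower(), leaf.lower()):
            hits.append(rule)
    return hits


if __name__ == "__main__":
    for rule in rules_naming(parse_path_rules(SAMPLE), "svchost.exe"):
        print(rule["level"], rule["guid"], rule["ItemData"])
```
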

    #8
    RKinner

      Malware Expert

    • Expert
    • 20,647 posts
    • MVP

    Could you look in Control Panel, Programs and Features and see if it gives a version number for CryptoPrevent?  I am posting about this on their support forum.


    • 0

    #9
    anseladams

      Member

    • Topic Starter
    • Member
    • PipPip
    • 11 posts

    I did check & the CryptoPrevent version field is blank (size was 3.38MB).  Sorry.


    • 0

    #10
    RKinner

      Malware Expert

    • Expert
    • 20,647 posts
    • MVP

    No problem.  I got the date you installed it from the FRST log so that should tell them what version.  


    • 0





