mcgrotty

Thanks for all the help. I can't express how much I appreciate it! Really, you're a lifesaver.

OK, well, that ESET scan seemed odd. It reported some things as a virus that I know for a fact aren't (they are 100% hand-coded pages for my website that have nothing unique about them). But here's what it found. C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57O5TCQD\nextStory0.exclude[1].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57O5TCQD\site=cnn&cnn_position=1x1_bot&cnn_rollup=homepage&page.allowcompete=yes&params[7].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\57O5TCQD\site=cnn&cnn_position=336x280_rgt&cnn_rollup=homepage&page.allowcompete=yes&params[7].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7NGMHHPF\pollDataGenUniversal[1].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSBRZ03R\ads[2].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSBRZ03R\bannerview[1].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSBRZ03R\top10hostinglist_com[1].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8LRB17P\ads[1].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8LRB17P\pa1-content[1].htm HTML/Iframe.B.Gen virus C:\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{C932559D-F0DC-4848-A0A5-AC229D8FB8F0} Win32/Qhost trojan C:\Administrator\Desktop\test3.html HTML/Iframe.B.Gen virus C:\Downloads\DTLite4461-0328.exe Win32/OpenCandy application C:\FRST\Quarantine\dowiriwi.dat a variant of Win32/Kryptik.BADU trojan C:\FRST\Quarantine\msconfig.lnk Win32/Reveton.M trojan C:\games\SIERRA\kq2vga\manual\_manual.html HTML/Iframe.B.Gen virus C:\images\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Qoobox\Quarantine\C\ProgramData\iwiriwod.js.vir JS/Agent.NID trojan C:\Qoobox\Quarantine\C\ProgramData\Bcool\bhoclass.dll.vir Win32/Adware.MultiPlug.A application C:\Qoobox\Quarantine\C\Windows\System32\aeitpoyf.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\Windows\System32\ecjdvcst.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\Windows\System32\fjvjgobe.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\Windows\System32\hiijRXyb.ini.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\Windows\System32\hiijRXyb.ini2.vir Win32/Adware.Virtumonde.NEO application C:\Qoobox\Quarantine\C\Windows\System32\qtsupjxp.ini.vir Win32/Adware.Virtumonde.NEO application C:\Users\Administrator\Downloads\FotoMorphV13Setup.exe a variant of Win32/Toolbar.Funmoods.B application E:\slabtown\albums\a122c.html HTML/Iframe.B.Gen virus E:\slabtown\albums\a122d.html HTML/Iframe.B.Gen virus E:\slabtown\songs\s101a.html HTML/Iframe.B.Gen virus E:\slabtown\songs\s103f.html HTML/Iframe.B.Gen virus

haven't given up. The Eset scan is taking forever.

OK, had no problems running the programs and the system is running well. Here is the MBAM log, followed by the HijackThis log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.13.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Administrator :: DOC [administrator] 5/12/2013 8:43:38 PM mbam-log-2013-05-12 (20-43-38).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 232349 Time elapsed: 16 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ================================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:39:53 AM, on 5/13/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16476) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Visioneer OneTouch\OneTouchMon.exe C:\Windows\System32\rundll32.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe C:\Windows\System32\CTHELPER.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe C:\Windows\V0415Mon.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Windows\ehome\ehtray.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Belkin\F7D4101\V1\PBN.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\NETGEAR\WG311T\wlancfg5.exe C:\Program Files\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe C:\Windows\ehome\ehmsas.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe C:\Windows\Explorer.exe C:\Program Files\ManyCam\Bin\ManyCam.exe C:\Program Files\Opera Next\Opera.exe C:\Program Files\Opera Next\pluginwrapper\opera_plugin_wrapper.exe C:\Windows\system32\Taskmgr.exe C:\Windows\System32\mobsync.exe C:\Windows\notepad.exe C:\Program Files\CMUD\cMUD.exe C:\Program Files\CMUD\cMUD.exe C:\Users\Administrator\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\26.0.1410.64\npchrome_frame.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Live! Central 2] "C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" /mode2 O4 - HKLM\..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Desktop Clock-7] "C:\Program Files\Desktop Clock-7\Desktop Clock-7.exe" -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user') O4 - Startup: ScreenHunter 6.0 Pro.lnk = C:\Program Files\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe O4 - Global Startup: Belkin USB Wireless Adaptor Utility.lnk = C:\Program Files\Belkin\F7D4101\V1\PBN.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\26.0.1410.64\npchrome_frame.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c992843baec50) (gupdate1c992843baec50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Belkin WLAN service (WLANBelkinService) - Unknown owner - C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- End of file - 13826 bytes

No problem. 7-Zip 4.65 AbsoluteTelnet Version 8.14 AC3Filter (remove only) Acoustica MP3 To Wave Converter PLUS Acrobat.com Ad-Aware Adobe Acrobat X Pro - English, Français, Deutsch Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Contribute CS4 Adobe Creative Suite 4 Master Collection Adobe CS4 American English Speech Analysis Models Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Download Assistant Adobe Download Manager Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Help Manager Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Reader X (10.1.4) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe Shockwave Player 11.5 Adobe SING CS4 Adobe Soundbooth CS4 Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe Widget Browser Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Advanced Audio FX Engine Akamai NetSession Interface Akamai NetSession Interface Service Amazon Send to Kindle Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.3.12 (Unicode) AVG 2013 AVS Audio Editor version 4.2 AVS Audio Tools version 4.4 AVS Cover Editor 1.3.1.81 (AVSMedia) AVS DVD Copy version 1.4 AVS DVDMenu Editor 1.2.1.19 AVS TV Box 1.5.1 AVS Video Tools 5.6 AVS4YOU Software Navigator 1.3 Belarc Advisor 8.1 Belkin USB Wireless Adaptor bl Bonjour Browser Defender 2.0.6.15 Caesar IV Camtasia CD Wave Editor 1.98 CDDRV_Installer CDisplay 1.8 CINEMA 4D 12.048 CloneCD CMUD 3.34 ComicRack v0.9.156 Connect CPUID CPU-Z 1.61.3 Creative ALchemy Creative Audio Control Panel Creative Console Launcher Creative Live! Cam Video IM Ultra (VF0415) (1.01.03.00) Creative Live! Central 2 Creative MediaSource 5 Creative Software AutoUpdate Creative Sound Blaster Properties Creative System Information Creative WaveStudio 7 DAEMON Tools Lite dBpoweramp Music Converter Debut Video Capture Software Desktop Clock-7 3.1 Diablo II DivX Converter DivX Plus DirectShow Filters DivX Setup DivX Version Checker DOSBox 0.73 Installer Edgar Cayce Readings CD-Rom eReg erLT Eudora FileZilla Client 3.6.0.2 Filter Forge 3.011 FLAC 1.2.1b (remove only) FLV Player 2.0 (build 25) FotoMorph version 13.7.2 Free YouTube Downloader 3.5.126 GetRight Google Chrome Google Chrome Frame Google Drive Google Earth Google Gmail Notifier Google Talk Plugin Google Translator Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) InterVideo DVDCopy5 Ipswitch WS_FTP Professional 2007 iTunes IZArc 3.81 Java 7 Update 21 Java Auto Updater Java 6 Update 12 JavaFX 2.1.1 JMB36X Raid Configurer KhalInstallWrapper King's Quest VII v1.51 to v2 Patch/DOSBox Installer kuler LAME v3.98.2 for Audacity Logitech SetPoint Magic ISO Maker v5.4 (build 0239) Malwarebytes Anti-Malware version 1.75.0.1300 ManyCam 3.1.43 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Windows Logo Microsoft WSE 3.0 Runtime Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mobipocket Creator 4.2 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MultiCam My Screen Recorder 3.0 My Screen Recorder Pro 3.0 MySQL Connector/ODBC 3.51 Netflix Movie Viewer NETGEAR WG311T Wireless Adapter NexusFont 2.5 (ver 2.5.8.1582) Notepad++ NVIDIA Drivers NVIDIA PhysX OpenAL OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 Opera 12.12 Opera Next 12.50 internal build 1497 Origin PageNest PC Probe II PCFriendly PDF Settings CS4 PDF Settings CS6 Personal Audio Driver ph Photoshop Camera Raw PIE Free v6.4 Pirates! Gold PiXCL USB Camera (3ComHC) Driver Update for Windows 7-32 Pixel Bender Toolkit PokerStars.net Police Quest Collection: The 4 Most Wanted Portal QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Retro City Rampage™ 1.05 Rosetta Stone Version 3 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sid Meier's Civilization V Sid Meier's Civilization V SDK Sierra Utilities Skype™ 6.3 SonicStage 4.3 Sothink SWF Decompiler Sound Blaster X-Fi SoundTap Streaming Audio Recorder Spirograph Spyware Doctor 7.0 Stamp ID3 Tag Editor Steam Suite Shared Configuration CS4 SurfOffline Professional 2 Switch Sound File Converter System Requirements Lab System Requirements Lab CYRI The Silver Lining The Sims™ 3 Trader's Little Helper 2.6.0 Trapcode 3DStroke Trapcode Form Trapcode Shine Trapcode Starglow Trillian TweetDeck Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 VideoPad Video Editor Visioneer OneTouch 7300 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 2.0.3 Winamp Winamp Detector Plug-in WinDirStat 1.1.2 Windows 7 Upgrade Advisor Beta Windows Installer Clean Up Windows Movie Maker 2.6 WinHTTrack Website Copier 3.43-9C WinRAR archiver Wisdom-soft ScreenHunter 6.0 Pro Xvid 1.2.2 final uninstall Zoom

OK, so for problems, there weren't any, really. And, the system continues to run the same. Nothing better or worse that I've noticed after either ComboFix runs. The log: ComboFix 13-05-10.03 - Administrator 05/10/2013 18:42:57.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1819 [GMT -7:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe Command switches used :: c:\users\Administrator\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\programdata\iwiriwod.js" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\iwiriwod.js . . ((((((((((((((((((((((((( Files Created from 2013-04-11 to 2013-05-11 ))))))))))))))))))))))))))))))) . . 2013-05-11 02:00 . 2013-05-11 02:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-05-11 02:00 . 2013-05-11 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-06 05:02 . 2013-05-06 05:02 -------- d-----w- c:\program files\Common Files\Java 2013-05-04 19:01 . 2013-05-04 19:01 -------- d-----w- C:\FRST 2013-05-03 18:36 . 2013-05-03 18:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-05-03 18:36 . 2013-05-03 18:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes 2013-05-03 18:36 . 2013-05-03 18:36 -------- d-----w- c:\programdata\Malwarebytes 2013-05-03 18:36 . 2013-05-03 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-03 18:36 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-01 16:25 . 2013-05-01 16:25 -------- d-----w- c:\program files\Common Files\Skype 2013-04-11 10:08 . 2013-02-22 04:10 149616 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-04-11 10:08 . 2013-02-22 03:36 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-04-11 10:08 . 2013-02-22 03:34 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-04-11 10:08 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-06 05:01 . 2013-05-06 05:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-06 05:01 . 2012-08-05 06:23 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-06 05:01 . 2012-08-05 06:23 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-05 18:30 . 2012-07-10 00:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-05 18:30 . 2012-07-10 00:18 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-29 09:53 . 2013-03-29 09:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-03-21 10:08 . 2013-03-21 10:08 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-03-11 13:25 . 2013-04-10 16:10 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-11 13:25 . 2013-04-10 16:10 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 03:45 . 2013-04-10 16:10 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:28 . 2013-04-10 16:10 64000 ----a-w- c:\windows\system32\smss.exe 2013-03-08 03:53 . 2013-04-10 16:10 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 03:52 . 2013-04-10 16:10 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-03-05 01:40 . 2013-04-10 16:10 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-03-03 19:07 . 2013-04-10 16:10 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\NewShortcut3_F3E79F781397493FAF86755C8BA0A711.exe 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\NewShortcut2_01A0B340D90E40E587958DD07FD4AF90.exe 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\NewShortcut1_76930796F2CD426EBFFFA58C266CC45C.exe 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\ARPPRODUCTICON.exe 2013-02-22 03:38 . 2013-04-11 10:07 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-02-18 23:28 . 2009-02-11 07:18 466008 ----a-w- c:\windows\system32\drivers\sptd.sys 2013-02-12 01:57 . 2013-03-21 18:36 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2012-08-10 09:31 . 2012-08-10 09:31 36868 ----a-w- c:\program files\uninst-Particular.exe 2013-04-12 06:10 . 2013-04-12 06:10 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 6.0 Free"="0" [X] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18642024] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320] "Desktop Clock-7"="c:\program files\Desktop Clock-7\Desktop Clock-7.exe" [2012-02-20 163840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880] "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2003-08-18 94208] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224] "CTHelper"="CTHELPER.EXE" [2007-03-05 19456] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368] "Live! Central 2"="c:\program files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" [2009-08-13 422035] "V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CtxfiReg"="CTXFIREG.exe" [2010-05-06 47104] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ScreenHunter 6.0 Pro.lnk - c:\program files\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe [2012-11-1 8798720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Belkin USB Wireless Adaptor Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-8 813584] NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-2-22 1486848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Eudora\EuShlExt.dll" [2005-08-09 86016] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\byXRjiih . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ePrompter.lnk] path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePrompter.lnk backup=c:\windows\pss\ePrompter.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2011-09-05 17:04 2904984 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2012-04-04 13:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2009-08-23 12:37 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-03-09 23:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp] 2006-11-14 06:25 363008 ----a-r- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-02-25 10:12 133104 ----atw- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] 2006-10-30 12:44 36864 ------r- c:\windows\JM\JMInsIDE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-02-10 00:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-08-16 10:52 296096 ----a-w- c:\program files\real\realplayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 . R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder . 2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 18:30] . 2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 11:20] . 2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 11:20] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094072716-3345856192-3952908105-500Core.job - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 10:12] . 2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094072716-3345856192-3952908105-500UA.job - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 10:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.cnn.com/ uInternet Settings,ProxyServer = http=;ftp=;https=; uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3h6bowwn.default\ . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c2,69, 41,94,b0,18,0a,a9,14,6f,12,b5,53,de,de "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,05,46, 3a,c5,08,0d,09,b3,a9,8b,e9,64,6e,03,88 "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,02,5e, 17,13,c0,f2,05,8f,77,84,02,97,dc,23,0f "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2e,97, 62,f6,63,4a,02,ac,f3,4f,fc,1e,78,e2,67 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,06, 66,c3,85,44,09,ad,e1,90,9a,f2,99,6c,5a "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,da, cb,76,f7,33,0c,a7,7e,d8,65,c2,85,c9,b0 "{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,3b,1b,67,db,a1, fc,39,49,d5,0b,a0,5d,3c,b9,ec,a3,0e,be "{11111111-1111-1111-1111-110011441193}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0e,03, 01,22,42,79,5e,0a,1b,55,40,12,04,50,8a "{7aeae561-714b-45f6-ace3-4a8aed6e227b}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,fa,f8, 6a,78,22,9e,0a,b7,e9,0e,ca,ee,2e,63,62 . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:1a,cb,73,3d,6d,09,ce,01 . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,aa,cb,27,9f,ac,e0,47,8f,4e,98,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,28,ac,58,21,91,87,48,be,f6,bd,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,35,3b,5f,98,9d,66,42,88,99,70,\ "027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,aa,cb,27,9f,ac,e0,47,8f,4e,98,\ . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.669" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.AAC" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.aif" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.aiff" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.amf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.ASF" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.au" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="VLC.avi" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.avr" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.caf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.CDA" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_div_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_divx_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DOC\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\Winword.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (Administrator) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.far" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.FLAC" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.FLV" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gam\UserChoice] @Denied: (2) (Administrator) "Progid"="WinTADS game file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.HLP\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.htk" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.iff" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.it" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.itz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KAR\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.KAR" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.M2V" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.M4A" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.M4V" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mat\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mat" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mdz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MID" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MIDI" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MIZ" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_mkv_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mod" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP1" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP2" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP3" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP4" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MPEG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MPG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mtm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\DAMN NFO Viewer.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.NSA" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.nst" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.NSV" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.OGG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.okt" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\winamp.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.paf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.ptm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.pvf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.raw" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.rf64" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.RMI" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.s3m" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.s3z" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sd2" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sds" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shn\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.stm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.stz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.SWF" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_tix_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad++.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.ult" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.VLB" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VOB\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\DVDXPlayer.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.voc" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vpj\UserChoice] @Denied: (2) (Administrator) "Progid"="NCH.VideoPad.vpj" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.w64" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.SkinZip" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.wav" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice] @Denied: (2) (Administrator) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wlz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.LangZip" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.WMA" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.WMV" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wsz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.SkinZip" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.wve" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xi" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xmz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice] @Denied: (2) (Administrator) "Progid"="WinRAR.ZIP" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDD5B6A8-36E6-005C-6955-CE620B71758E}*] "haeefifehcpnnldd"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65,61, 64,62,00,58 "iagflggeicnechjpie"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65,61, 64,62,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:92,35,ee,b0,bf,0b,81,b9,ff,d0,59,d2,a1,17,c9,74,30,69,1a,a8,ba, 20,81,a2,96,94,3f,9d,e9,bc,6b,93,c4,79,24,64,37,43,b0,7d,55,49,c9,5a,b4,95,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD5B6A8-36E6-005C-6955-CE620B71758E}\InProcServer32*] "jaifdchpgfjbgcpkhced"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65, 61,64,62,00,00 "iaifncbifeanbmpmhg"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65,61, 64,62,00,58 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDDE39F0-4899-B247-D401-5C1AF222E833}\InProcServer32*] "kadmekchphjkkdmhipdnnd"=hex:62,61,64,6e,00,ff "jadmjjccijddckkdndgl"=hex:63,61,69,6e,62,68,00,00 "kadmakfgjnimnjpmlekgcd"=hex:6d,61,61,63,69,69,6e,67,6f,68,69,6f,68,63,70,6b, 6a,6b,6d,61,68,6d,6d,61,6d,62,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*] "value"="?\07\03\12\06#\00E" . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:92,35,ee,b0,bf,0b,81,b9,ff,d0,59,d2,a1,17,c9,74,30,69,1a,a8,ba, 20,81,a2,96,94,3f,9d,e9,bc,6b,93,c4,79,24,64,37,43,b0,7d,55,49,c9,5a,b4,95,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(6140) c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\System32\ctagent.dll c:\program files\FileZilla FTP Client\fzshellext.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll c:\windows\system32\nvcpl.dll c:\windows\system32\nvapi.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2013\avgrsx.exe c:\program files\AVG\AVG2013\avgcsrvx.exe c:\windows\system32\nvvsvc.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Lavasoft\Ad-Aware\AAWService.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\AVG\AVG2013\avgidsagent.exe c:\program files\AVG\AVG2013\avgwdsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe c:\program files\AVG\AVG2013\avgnsx.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\System32\rundll32.exe c:\windows\System32\CTHELPER.EXE c:\windows\System32\Ctxfihlp.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\SYSTEM32\CTXFISPI.EXE c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2013-05-10 19:16:33 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-11 02:16 ComboFix2.txt 2013-05-10 17:47 . Pre-Run: 9,769,455,616 bytes free Post-Run: 9,792,991,232 bytes free . - - End Of File - - 8ED8E88FAEEBF3D519AD11C69D96CB88

Sorry about that. Before the log, I'll say that everything is running smoothly. When running the ComboFix, there were some instance when it couldn't do something because it said it needed admin rights, though I am logged in as admin. But those were the only things I noticed. Also, I am thinking that I didn't get all the antivirus and other protections disabled before I started it. I was only going by what was in the toolbar at the bottom of the screen, but looking at the log, it looks like most of my stuff didn't have toolbar options. Here is the log: ComboFix 13-05-10.03 - Administrator 05/10/2013 10:06:32.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1596 [GMT -7:00] Running from: c:\downloads\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\7300.3031120.EN.exe C:\Ahmbed.gz c:\programdata\Amazon.ico c:\programdata\Bcool c:\programdata\Bcool\background.html c:\programdata\Bcool\bhoclass.dll c:\programdata\Bcool\content.js c:\programdata\Bcool\fmoaocpdfbcjbhabgegliliohmndnbnd.crx c:\programdata\Bcool\settings.ini c:\programdata\rundll32.exe C:\Setup.exe c:\users\Public\WINDOWS c:\users\Public\WINDOWS\DigitalLocker\enUs\BITSCTRS.INI c:\users\Public\WINDOWS\DigitalLocker\enUs\DXG.INI c:\users\Public\WINDOWS\Microsoft.Net\Authmen\CORPERFMONSYMBOLS.INI c:\users\Public\WINDOWS\ModemLogs\TCPMOM.INI c:\users\Public\WINDOWS\MSAgent\Chars\DRVLOCK.SYS c:\users\Public\WINDOWS\MSAgent\Chars\SYMBIOS.SYS c:\users\Public\WINDOWS\Panther\UnattendGC\TOGGLE.INI c:\users\Public\WINDOWS\PLA\System\EPCL5UI.INI c:\users\Public\WINDOWS\PLA\System\RASCTRS.INI c:\users\Public\WINDOWS\PolicyDefinitions\enUs\OOBINFO.INI c:\users\Public\WINDOWS\ServiceProfiles\HPFDJ50.INI c:\users\Public\WINDOWS\SoftwareDistribution\DataStore\Logs\EPNPVE3N.INI c:\users\Public\WINDOWS\SoftwareDistribution\DataStore\Logs\MSDFMAP.INI c:\users\Public\WINDOWS\System32\Com\Demp\SQSDMTST.SYS c:\users\Public\WINDOWS\System32\Microsoft\Protect\PERFWCI.INI c:\users\Public\WINDOWS\System32\Wbem\AutoRecover\WMIAPRPL.INI c:\users\Public\WINDOWS\WindowsMobile\enUs\BRMTBIDI.INI c:\users\Public\WINDOWS\WindowsMobile\enUs\EWPKCLNT.INI c:\windows\iun6002.exe c:\windows\system32\aeitpoyf.ini c:\windows\system32\drivers\npf.sys c:\windows\system32\ecjdvcst.ini c:\windows\system32\fjvjgobe.ini c:\windows\System32\hiijRXyb.ini c:\windows\System32\hiijRXyb.ini2 c:\windows\system32\lsprst7.dll c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\qtsupjxp.ini c:\windows\system32\ssprs.dll c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((( Files Created from 2013-04-10 to 2013-05-10 ))))))))))))))))))))))))))))))) . . 2013-05-10 17:28 . 2013-05-10 17:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-05-10 17:28 . 2013-05-10 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-06 05:02 . 2013-05-06 05:02 -------- d-----w- c:\program files\Common Files\Java 2013-05-06 05:01 . 2013-05-06 05:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-05-04 19:01 . 2013-05-04 19:01 -------- d-----w- C:\FRST 2013-05-04 01:41 . 2013-05-04 01:41 2685 ----a-w- c:\programdata\iwiriwod.js 2013-05-03 18:36 . 2013-05-03 18:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-05-03 18:36 . 2013-05-03 18:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes 2013-05-03 18:36 . 2013-05-03 18:36 -------- d-----w- c:\programdata\Malwarebytes 2013-05-03 18:36 . 2013-05-03 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-03 18:36 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-01 16:25 . 2013-05-01 16:25 -------- d-----w- c:\program files\Common Files\Skype 2013-04-11 10:08 . 2013-02-22 04:10 149616 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-04-11 10:08 . 2013-02-22 03:36 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-04-11 10:08 . 2013-02-22 03:34 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-04-11 10:08 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-06 05:01 . 2012-08-05 06:23 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-06 05:01 . 2012-08-05 06:23 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-05 18:30 . 2012-07-10 00:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-05 18:30 . 2012-07-10 00:18 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-29 09:53 . 2013-03-29 09:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-03-21 10:08 . 2013-03-21 10:08 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-03-11 13:25 . 2013-04-10 16:10 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-11 13:25 . 2013-04-10 16:10 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-09 03:45 . 2013-04-10 16:10 49152 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-09 01:28 . 2013-04-10 16:10 64000 ----a-w- c:\windows\system32\smss.exe 2013-03-08 03:53 . 2013-04-10 16:10 376320 ----a-w- c:\windows\system32\winsrv.dll 2013-03-08 03:52 . 2013-04-10 16:10 2067968 ----a-w- c:\windows\system32\mstscax.dll 2013-03-05 01:40 . 2013-04-10 16:10 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-03-03 19:07 . 2013-04-10 16:10 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\NewShortcut3_F3E79F781397493FAF86755C8BA0A711.exe 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\NewShortcut2_01A0B340D90E40E587958DD07FD4AF90.exe 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\NewShortcut1_76930796F2CD426EBFFFA58C266CC45C.exe 2013-02-28 22:56 . 2013-02-28 22:56 204800 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}\ARPPRODUCTICON.exe 2013-02-18 23:28 . 2009-02-11 07:18 466008 ----a-w- c:\windows\system32\drivers\sptd.sys 2013-02-12 01:57 . 2013-03-21 18:36 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2012-08-10 09:31 . 2012-08-10 09:31 36868 ----a-w- c:\program files\uninst-Particular.exe 2013-04-12 06:10 . 2013-04-12 06:10 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 23:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 6.0 Free"="0" [X] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Akamai NetSession Interface"="c:\users\Administrator\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18642024] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320] "Desktop Clock-7"="c:\program files\Desktop Clock-7\Desktop Clock-7.exe" [2012-02-20 163840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880] "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2003-08-18 94208] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-07 180224] "CTHelper"="CTHELPER.EXE" [2007-03-05 19456] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368] "Live! Central 2"="c:\program files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" [2009-08-13 422035] "V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CtxfiReg"="CTXFIREG.exe" [2010-05-06 47104] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ScreenHunter 6.0 Pro.lnk - c:\program files\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe [2012-11-1 8798720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Belkin USB Wireless Adaptor Utility.lnk - c:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-8 813584] NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-2-22 1486848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Eudora\EuShlExt.dll" [2005-08-09 86016] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\byXRjiih . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ePrompter.lnk] path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePrompter.lnk backup=c:\windows\pss\ePrompter.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2011-09-05 17:04 2904984 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2012-04-04 13:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2009-08-23 12:37 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-03-09 23:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp] 2006-11-14 06:25 363008 ----a-r- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2013-01-08 08:41 3674320 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-02-25 10:12 133104 ----atw- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup] 2006-10-30 12:44 36864 ------r- c:\windows\JM\JMInsIDE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-02-10 00:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-08-16 10:52 296096 ----a-w- c:\program files\real\realplayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 . R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder . 2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 18:30] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 11:20] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 11:20] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094072716-3345856192-3952908105-500Core.job - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 10:12] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094072716-3345856192-3952908105-500UA.job - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-25 10:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.cnn.com/ uInternet Settings,ProxyServer = http=;ftp=;https=; uInternet Settings,ProxyOverride = <local> IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3h6bowwn.default\ . - - - - ORPHANS REMOVED - - - - . BHO-{5E9DCE74-1148-4D94-87BD-E15B752E04DC} - c:\windows\system32\byXRjiih.dll HKCU-Run-AdobeBridge - (no file) HKCU-Run-Zoom - (no file) MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-BMUpdate - c:\windows\system32\BMUpdate.exe MSConfigStartUp-EmailTray Activator - c:\users\Administrator\bin\etactivator.exe MSConfigStartUp-MSServer - c:\windows\system32\geBrqNEU.dll MSConfigStartUp-POP Peeper - c:\program files\POP Peeper\POPPeeper.exe MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RMTray.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files\FreeRIP3\unins000.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe AddRemove-{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1 - c:\program files\Yawcam\unins000.exe AddRemove-VisualBee for Microsoft PowerPoint - c:\users\Administrator\AppData\Local\VisualBeeExe\uninst.exe . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c2,69, 41,94,b0,18,0a,a9,14,6f,12,b5,53,de,de "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,05,46, 3a,c5,08,0d,09,b3,a9,8b,e9,64,6e,03,88 "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,02,5e, 17,13,c0,f2,05,8f,77,84,02,97,dc,23,0f "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2e,97, 62,f6,63,4a,02,ac,f3,4f,fc,1e,78,e2,67 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,06, 66,c3,85,44,09,ad,e1,90,9a,f2,99,6c,5a "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,da, cb,76,f7,33,0c,a7,7e,d8,65,c2,85,c9,b0 "{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,3b,1b,67,db,a1, fc,39,49,d5,0b,a0,5d,3c,b9,ec,a3,0e,be "{11111111-1111-1111-1111-110011441193}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0e,03, 01,22,42,79,5e,0a,1b,55,40,12,04,50,8a "{7aeae561-714b-45f6-ace3-4a8aed6e227b}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,fa,f8, 6a,78,22,9e,0a,b7,e9,0e,ca,ee,2e,63,62 . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:1a,cb,73,3d,6d,09,ce,01 . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,aa,cb,27,9f,ac,e0,47,8f,4e,98,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,28,ac,58,21,91,87,48,be,f6,bd,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,35,3b,5f,98,9d,66,42,88,99,70,\ "027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,aa,cb,27,9f,ac,e0,47,8f,4e,98,\ . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.669\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.669" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.AAC" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.aif" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.aiff" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.amf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.ASF" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.au" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="VLC.avi" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avr\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.avr" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.caf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.CDA" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_div_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_divx_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DOC\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\Winword.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (Administrator) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.far\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.far" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.FLAC" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.FLV" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gam\UserChoice] @Denied: (2) (Administrator) "Progid"="WinTADS game file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.HLP\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htk\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.htk" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.iff" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.it" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.itz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KAR\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.KAR" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.M2V" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.M4A" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.M4V" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mat\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mat" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mdz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MID" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MIDI" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MIZ\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MIZ" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_mkv_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mod" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP1" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP2" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP3" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MP4" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MPEG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.MPG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mtm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.mtm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\DAMN NFO Viewer.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.NSA" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nst\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.nst" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.NSV" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.OGG" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.okt\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.okt" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\winamp.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.paf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.paf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ptm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.ptm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pvf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.pvf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.raw" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf64\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.rf64" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.RMI" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.s3m" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3z\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.s3z" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sd2" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sds\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sds" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.sf" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shn\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.stm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.stz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.stz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.SWF" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice] @Denied: (2) (Administrator) "Progid"="divx_tix_file" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad++.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ult\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.ult" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.VLB" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VOB\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\DVDXPlayer.exe" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.voc" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vpj\UserChoice] @Denied: (2) (Administrator) "Progid"="NCH.VideoPad.vpj" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.w64" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.SkinZip" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.wav" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice] @Denied: (2) (Administrator) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wlz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.LangZip" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.WMA" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.WMV" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.PlayList" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wsz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.SkinZip" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wve\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.wve" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="OperaNext.HTML" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xi\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xi" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xm" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmz\UserChoice] @Denied: (2) (Administrator) "Progid"="Winamp.File.xmz" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice] @Denied: (2) (Administrator) "Progid"="WinRAR.ZIP" . [HKEY_USERS\S-1-5-21-1094072716-3345856192-3952908105-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CDD5B6A8-36E6-005C-6955-CE620B71758E}*] "haeefifehcpnnldd"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65,61, 64,62,00,58 "iagflggeicnechjpie"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65,61, 64,62,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:92,35,ee,b0,bf,0b,81,b9,ff,d0,59,d2,a1,17,c9,74,30,69,1a,a8,ba, 20,81,a2,96,94,3f,9d,e9,bc,6b,93,c4,79,24,64,37,43,b0,7d,55,49,c9,5a,b4,95,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD5B6A8-36E6-005C-6955-CE620B71758E}\InProcServer32*] "jaifdchpgfjbgcpkhced"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65, 61,64,62,00,00 "iaifncbifeanbmpmhg"=hex:6a,61,63,6f,66,61,68,66,65,6e,6c,66,65,70,62,61,65,61, 64,62,00,58 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDDE39F0-4899-B247-D401-5C1AF222E833}\InProcServer32*] "kadmekchphjkkdmhipdnnd"=hex:62,61,64,6e,00,ff "jadmjjccijddckkdndgl"=hex:63,61,69,6e,62,68,00,00 "kadmakfgjnimnjpmlekgcd"=hex:6d,61,61,63,69,69,6e,67,6f,68,69,6f,68,63,70,6b, 6a,6b,6d,61,68,6d,6d,61,6d,62,00,00 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsi[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsi[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsi[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsi[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsi[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsi[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsi[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*] "value"="?\07\03\12\06#\00E" . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:92,35,ee,b0,bf,0b,81,b9,ff,d0,59,d2,a1,17,c9,74,30,69,1a,a8,ba, 20,81,a2,96,94,3f,9d,e9,bc,6b,93,c4,79,24,64,37,43,b0,7d,55,49,c9,5a,b4,95,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2696) c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\System32\ctagent.dll c:\program files\FileZilla FTP Client\fzshellext.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2013\avgrsx.exe c:\program files\AVG\AVG2013\avgcsrvx.exe c:\windows\system32\nvvsvc.exe c:\program files\Creative\Shared Files\CTAudSvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\Lavasoft\Ad-Aware\AAWService.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\AVG\AVG2013\avgidsagent.exe c:\program files\AVG\AVG2013\avgwdsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe c:\program files\AVG\AVG2013\avgnsx.exe c:\windows\System32\rundll32.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\System32\rundll32.exe c:\windows\System32\CTHELPER.EXE c:\windows\Sys

Wanted to say that I have not given up this step of the process. I have gotten sidetracked for a day or two, as something came up.

All right, here we go. First, AdwCleaner log: # AdwCleaner v2.300 - Logfile created 05/04/2013 at 18:15:36 # Updated 28/04/2013 by Xplode # Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits) # User : Administrator - DOC # Boot Mode : Normal # Running from : C:\Users\Administrator\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh File Deleted : C:\END Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\FreeRIP3 Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\FreeRIP Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3 Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\ProgramData\visualbee Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit Folder Deleted : C:\Users\Administrator\AppData\Local\Coupon Companion Plugin Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh Folder Deleted : C:\Users\Administrator\AppData\Local\visualbeeexe Folder Deleted : C:\Users\Administrator\AppData\Local\Zoom_Downloader Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Toolbar4 ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193} Key Deleted : HKCU\Software\PIP Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nlndmljfcnlkbcbbneenigbpikmdfcdh Key Deleted : HKLM\Software\Headlight Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\Software\PIP Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3h6bowwn.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.73 File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.12.1707.0 File : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[s1].txt - [10812 octets] - [04/05/2013 18:15:36] ########## EOF - C:\AdwCleaner[s1].txt - [10873 octets] ########## ========================== Now the RogueKIller report: RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Administrator [Admin rights] Mode : Remove -- Date : 05/04/2013 18:59:45 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 18 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : ROC_ROC_APR2013_AV (C:\Users\Administrator\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 9bd91ced0236ddd956d8444368354257-9538cccb7c8d629332e6e6e5eb61d9704d36226a --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013) [x] -> DELETED [TASK][sUSP PATH] VisualBeeRecovery : C:\Users\Administrator\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [x] -> DELETED [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps= -> NOT REMOVED, USE PROXYFIX [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DLL][sUSP PATH] HKLM\[...]\ControlSet001\Services\winmgmt\Parameters : ServiceDll (C:\ProgramData\dowiriwi.dat) [x] -> REPLACED (%SystemRoot%\system32\wbem\WMIsvc.dll) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] b8fb8c59bbab10cbda67449902b48b68 [bSP] 2981b5f528e6239c6fd6d97ab7a50763 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 290834 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 595630080 | Size: 100000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 800430080 | Size: 86104 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: +++++ --- User --- [MBR] f5928dae1a86e8d625eaf1be2d9d6913 [bSP] cb0f4f97cba6f36de8f0bcd96f74954a : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_D_05042013_02d1859.txt >> RKreport[1]_S_05042013_02d1850.txt ; RKreport[2]_D_05042013_02d1859.txt

Success with the normal boot! And the fixlog it spit out: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-05-2013 02 Ran by SYSTEM at 2013-05-04 12:47:36 Run:1 Running from H:\ Boot Mode: Recovery ============================================== HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe => Value deleted successfully. C:\Windows\system32\byXRjiih => File/Directory not found. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully. C:\PROGRA~2\dowiriwi.dat => Moved successfully. C:\ProgramData\iwiriwod.pad => Moved successfully. C:\ProgramData\as98213.txt => Moved successfully. C:\Users\Administrator\5337881.dll => Moved successfully. C:\ProgramData\dowiriwi.dat => File/Directory not found. C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\msconfig.lnk => File/Directory not found. ==== End of Fixlog ====

That did the job, for this part. Thanks. Here are the log results: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-05-2013 02 Ran by SYSTEM on 04-05-2013 11:02:03 Running from H:\ Windows Vista ™ Home Premium (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation) HKLM\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [788880 2010-01-27] (Lavasoft) HKLM\...\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [94208 2003-08-18] (Visioneer Inc) HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-01-10] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8530464 2008-01-10] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-01-10] (NVIDIA Corporation) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x] HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [180224 2006-12-06] (Creative Technology Ltd) HKLM\...\Run: [CTHelper] CTHELPER.EXE [x] HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKLM\...\Run: [] [x] HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Live! Central 2] "C:\Program Files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" /mode2 [422035 2009-08-12] (Creative Technology Ltd) HKLM\...\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe [28672 2008-08-06] (Creative Technology Ltd.) HKLM\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x] HKLM\...\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s [57344 2009-01-29] (SlySoft, Inc.) HKLM\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.) HKU\Administrator\...\Run: [AdobeBridge] [x] HKU\Administrator\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation) HKU\Administrator\...\Run: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe" [x] HKU\Administrator\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation) HKU\Administrator\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 [x] HKU\Administrator\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-02-28] (Skype Technologies S.A.) HKU\Administrator\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [ 2013-01-08] (DT Soft Ltd) HKU\Administrator\...\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2009-02-25] (Google Inc.) HKU\Administrator\...\Run: [Zoom] [x] HKU\Administrator\...\Run: [Desktop Clock-7] "C:\Program Files\Desktop Clock-7\Desktop Clock-7.exe" -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun -autorun [ 2012-02-19] () HKU\Administrator\...\Run: [ROC_ROC_APR2013_AV] C:\Users\Administrator\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 9bd91ced0236ddd956d8444368354257-9538cccb7c8d629332e6e6e5eb61d9704d36226a --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x] HKU\Administrator\...\Run: [ctfmon.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\dowiriwi.dat,FG00 [ 2013-05-03] (Microsoft Corporation) Lsa: [Authentication Packages] msv1_0 C:\Windows\system32\byXRjiih Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk ShortcutTarget: msconfig.lnk -> C:\PROGRA~2\dowiriwi.dat () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenHunter 6.0 Pro.lnk ShortcutTarget: ScreenHunter 6.0 Pro.lnk -> C:\Program Files\Wisdom-soft ScreenHunter 6.0 Pro\ScreenHunter.exe (Wisdom Software Inc. ) Startup: C:\ProgramData\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe () Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk ShortcutTarget: NETGEAR WG311T Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG311T\wlancfg5.exe () BootExecute: autocheck autochk * lsdelete ========================== Services (Whitelisted) ================= S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2009-08-25] (Adobe Systems Incorporated) S2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.) S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.) S2 Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [112592 2010-01-22] (Threat Expert Ltd.) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-27] (Creative Labs) S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.) S2 gupdate1c992843baec50; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-19] (Google Inc.) S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1181328 2010-02-04] (Lavasoft) S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [366840 2010-03-11] (PC Tools) S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1142224 2010-03-15] (PC Tools) S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation) S2 Winmgmt; C:\PROGRA~2\dowiriwi.dat [163840 2013-05-03] () S2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x] S3 msiserver; %systemroot%\system32\msiexec /V [x] ==================== Drivers (Whitelisted) ==================== S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) S3 AR5211; C:\Windows\System32\DRIVERS\WG311T13.sys [456768 2005-09-20] (Atheros Communications, Inc.) S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12664 2006-10-18] () S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-02-26] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.) S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.) S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.) S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.) S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.) S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-02-14] (AVG Technologies CZ, s.r.o.) S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation) S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98616 2007-03-05] (Creative Technology Ltd) S2 cpuz133; C:\Windows\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider) S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [552248 2007-03-05] (Creative Technology Ltd) S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-05-05] (Creative Technology Ltd) S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [174392 2007-03-05] (Creative Technology Ltd) S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [286520 2007-03-05] (Creative Technology Ltd) S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [134968 2007-03-05] (Creative Technology Ltd) S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [329528 2007-03-05] (Creative Technology Ltd) S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [101176 2007-03-05] (Creative Technology Ltd) S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [566584 2007-03-05] (Creative Technology Ltd) S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.) S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG) S3 GT680xNT; C:\Windows\System32\drivers\gt680x.sys [17376 2003-08-29] ( ) S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) S0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [6912 2006-02-07] (JMicron ) S0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [43648 2006-10-29] (JMicron Technology Corp.) S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2009-09-23] (Lavasoft AB) S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-05-03] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-17] () S3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [27136 2009-07-31] (NCH Swift Sound) S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [218592 2010-03-29] (PC Tools) S0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation) S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [18944 2012-03-27] (Windows ® Win 7 DDK provider) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-02-18] (Duplex Secure Ltd.) S3 V0415Vid; C:\Windows\System32\DRIVERS\V0415Vid.sys [286208 2009-08-03] (Creative Technology Ltd.) S3 VICAMUSB; C:\Windows\System32\drivers\vicamusb.sys [36104 1999-04-27] (Vista Imaging Incorporated) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x] S3 CT20XUT.DLL; \SystemRoot\System32\CT20XUT.DLL [x] S3 CTEXFIFX.DLL; \SystemRoot\System32\CTEXFIFX.DLL [x] S3 CTHWIUT.DLL; \SystemRoot\System32\CTHWIUT.DLL [x] S1 dlhudzhh; \??\C:\Windows\system32\drivers\dlhudzhh.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S1 ldeoydov; \??\C:\Windows\system32\drivers\ldeoydov.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-04 11:01 - 2013-05-04 11:01 - 00000000 ____D C:\FRST 2013-05-03 20:13 - 2013-05-03 21:46 - 00001539 ____A C:\Windows\setupact.log 2013-05-03 20:13 - 2013-05-03 20:13 - 00000000 ____A C:\Windows\setuperr.log 2013-05-03 17:41 - 2013-05-03 17:41 - 00002685 ____A C:\ProgramData\iwiriwod.js 2013-05-03 17:40 - 2013-05-03 17:40 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe 2013-05-03 10:36 - 2013-05-03 10:37 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-05-03 10:36 - 2013-05-03 10:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes 2013-05-03 10:36 - 2013-05-03 10:36 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-03 10:36 - 2013-05-03 10:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-03 10:36 - 2013-04-04 13:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-05-03 04:23 - 2013-05-03 21:45 - 95023320 ___AT C:\ProgramData\iwiriwod.pad 2013-05-03 04:23 - 2013-05-03 21:44 - 00000000 ____A C:\ProgramData\as98213.txt 2013-05-03 04:22 - 2013-05-03 04:22 - 00163840 ____A C:\Users\Administrator\5337881.dll 2013-05-03 04:22 - 2013-05-03 04:22 - 00163840 ____A C:\ProgramData\dowiriwi.dat 2013-05-01 08:25 - 2013-05-01 08:25 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-04-11 22:10 - 2013-04-19 21:24 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-04-11 02:08 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-11 02:08 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-11 02:08 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-11 02:07 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-11 02:07 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-11 02:07 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-11 02:07 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-11 02:07 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-11 02:07 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-11 02:07 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-11 02:07 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-11 02:07 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-11 02:07 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-11 02:07 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-11 02:07 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-11 02:07 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-10 08:10 - 2013-03-11 05:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-04-10 08:10 - 2013-03-11 05:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-10 08:10 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-10 08:10 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-04-10 08:10 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-04-10 08:10 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-10 08:10 - 2013-03-04 17:40 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-10 08:10 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======== 2013-05-04 11:01 - 2013-05-04 11:01 - 00000000 ____D C:\FRST 2013-05-03 21:47 - 2006-11-02 05:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-03 21:47 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-03 21:47 - 2006-11-02 04:52 - 02049163 ____A C:\Windows\WindowsUpdate.log 2013-05-03 21:46 - 2013-05-03 20:13 - 00001539 ____A C:\Windows\setupact.log 2013-05-03 21:45 - 2013-05-03 04:23 - 95023320 ___AT C:\ProgramData\iwiriwod.pad 2013-05-03 21:45 - 2012-11-11 13:48 - 00000000 ____D C:\screencaps 2013-05-03 21:45 - 2010-03-26 22:19 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-05-03 21:44 - 2013-05-03 04:23 - 00000000 ____A C:\ProgramData\as98213.txt 2013-05-03 21:44 - 2009-07-27 15:38 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-03 21:44 - 2009-02-15 22:56 - 00079062 ____A C:\aaw7boot.log 2013-05-03 21:44 - 2006-11-02 04:47 - 00004048 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-03 21:44 - 2006-11-02 04:47 - 00004048 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-03 20:13 - 2013-05-03 20:13 - 00000000 ____A C:\Windows\setuperr.log 2013-05-03 19:22 - 2009-02-07 17:34 - 00001356 ____A C:\Users\Administrator\AppData\Local\d3d9caps.dat 2013-05-03 19:19 - 2012-07-05 19:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2013-05-03 18:34 - 2009-07-27 19:56 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094072716-3345856192-3952908105-500UA.job 2013-05-03 17:53 - 2012-07-10 00:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-03 17:53 - 2009-07-27 15:38 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-03 17:41 - 2013-05-03 17:41 - 00002685 ____A C:\ProgramData\iwiriwod.js 2013-05-03 17:40 - 2013-05-03 17:40 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe 2013-05-03 17:40 - 2009-02-07 02:29 - 00824680 ____A C:\Windows\PFRO.log 2013-05-03 17:39 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\twain_32 2013-05-03 16:03 - 2012-07-06 08:36 - 00000000 ____D C:\ProgramData\MFAData 2013-05-03 12:40 - 2012-08-15 03:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc 2013-05-03 10:37 - 2013-05-03 10:36 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-05-03 10:36 - 2013-05-03 10:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes 2013-05-03 10:36 - 2013-05-03 10:36 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-03 10:36 - 2013-05-03 10:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-03 10:17 - 2009-02-09 16:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Azureus 2013-05-03 10:06 - 2009-02-09 16:15 - 00101376 ____A C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-05-03 08:53 - 2012-07-12 17:15 - 00000000 ____D C:\images 2013-05-03 04:22 - 2013-05-03 04:22 - 00163840 ____A C:\Users\Administrator\5337881.dll 2013-05-03 04:22 - 2013-05-03 04:22 - 00163840 ____A C:\ProgramData\dowiriwi.dat 2013-05-03 04:22 - 2009-02-07 17:34 - 00000000 ____D C:\users\Administrator 2013-05-03 00:34 - 2009-07-27 19:56 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094072716-3345856192-3952908105-500Core.job 2013-05-02 15:30 - 2013-02-13 09:28 - 00000477 ____A C:\new 2 2013-05-02 15:29 - 2013-02-28 15:25 - 00000155 ____A C:\vagina 2013-05-01 23:17 - 2006-11-02 02:33 - 00716862 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-01 18:24 - 2009-07-27 15:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla 2013-05-01 08:25 - 2013-05-01 08:25 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-05-01 08:25 - 2013-02-14 03:58 - 00000000 ___RD C:\Program Files\Skype 2013-05-01 08:25 - 2012-07-05 19:18 - 00000000 ____D C:\ProgramData\Skype 2013-05-01 07:29 - 2012-07-08 09:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FileZilla 2013-04-27 17:59 - 2013-03-02 04:27 - 00000000 ____D C:\Program Files\Origin 2013-04-21 02:31 - 2013-02-05 17:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-04-19 21:24 - 2013-04-11 22:10 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-04-11 02:33 - 2006-11-02 04:47 - 03823784 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-11 02:09 - 2009-07-31 20:49 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-04-11 02:02 - 2006-11-02 02:24 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe 2013-04-04 15:23 - 2010-06-15 00:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\dvdcss 2013-04-04 13:50 - 2013-05-03 10:36 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-04 08:57 - 2012-09-28 18:20 - 00000802 ____A C:\Users\Public\Desktop\AVG 2013.lnk Other Malware: =========== C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\\msconfig.lnk ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 3006.56 MB Available physical RAM: 2510.73 MB Total Pagefile: 2792.66 MB Available Pagefile: 2642.93 MB Total Virtual: 2047.88 MB Available Virtual: 1975.72 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:284.02 GB) (Free:30.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (New Volume) (Fixed) (Total:97.66 GB) (Free:0.47 GB) NTFS Drive e: (New Volume) (Fixed) (Total:84.09 GB) (Free:0.72 GB) NTFS Drive f: (DEADLIKEME_S1D1) (CDROM) (Total:7.22 GB) (Free:0 GB) UDF Drive h: () (Removable) (Total:14.53 GB) (Free:14.32 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 466 GB 1017 KB Disk 1 Online 15 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 284 GB 1024 KB Partition 2 Primary 98 GB 284 GB Partition 3 Primary 84 GB 382 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C NTFS Partition 284 GB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D New Volume NTFS Partition 98 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E New Volume NTFS Partition 84 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 15 GB 4032 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 H NTFS Removable 15 GB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: 11CCB566) Partition 1: (Active) - (Size=284 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=84 GB) - (Type=07 NTFS) ==================================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS) Last Boot: 2013-05-03 20:04 ==================== End Of Log ============================

Whoops. I am sorry. I am using 32-bit Vista (home premium).

Thanks for the help. Ran into a quick roadblock. When I went into Advanced Boot Options, Repair Your Computer was not an option. I have: Safe Mode Safe Mode w/ network Safe Mode w/ command prompt Enable boot logging Enable low-resolution video (640X480) Last Known Good Config (advanced) Directory service restore mode Debugging mode Disable automatic restart on system failure Disable driver signature enforcement Start Windows normally ----------------- I did copy farbar to a flash drive and it is plugged into a port (and the PC does detect it when the BIOS loads). When I first do the F8 to enter advanced boot, before I am at the advanced screen, I do get a popup prompt asking me what drive I want to boot from, and the flash drive is an option. If I choose that, it does ask me what OS I want to load, but I never tried to select it.

I just recently got back on-line after an extended medical problem and immediately either something I did or something someone else did while I was away has ended up with me having a computer locked by what appears to be this particularly nasty virus. using ctrl-alt-del, I was able to restart, and then cancel the restart, which allowed me to run malwarebytes (and a couple other antivirus programs), but this didn't solve the problem. In fact, the only thing that running it did was make it so even the aborting of a reset workaround not work anymore. And it wont' even let me start in safe mode, either. So, as others have done, I turn to you, asking for assistance in this problem. Thanks.