
infected with PUM.Hijack.StartMenu



Hello,

Read your post. I first tried to uninstall Ad-Aware Antivirus. I received this error message:

Ad-Aware Antivirus Installer Information

Error 1772. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action UnRegister64bitProxy.Stub.6C2C1262_EACB_455A_...

I clicked the only option which was cancel and the installer reported performing a rollback and that it has left the system unmodified. I clicked on FINISHED. Another message: Fatal error during installation.

Trying now to uninstall the Ad-Aware Security Add-on. I got this:

An error occurred while trying to uninstall Ad-Aware Security Add-on. It may have already been uninstalled. Would you like to remove Ad-Aware Security Add-on from the Programs and Features list?

I clicked on the NO button (I selected TO NOT REMOVE it from this list).

AlphaBeta


Please try again and this time choose Yes.

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 4/13/2013 12:37:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.78 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 62.18% Memory free

5.57 Gb Paging File | 4.43 Gb Available in Paging File | 79.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 119.24 Gb Total Space | 77.47 Gb Free Space | 64.97% Space Free | Partition Type: NTFS

Drive D: | 153.85 Gb Total Space | 153.64 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Drive F: | 3.73 Gb Total Space | 3.52 Gb Free Space | 94.36% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 12:30:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2011/07/10 10:23:52 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/02/11 14:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2011/02/11 14:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2011/02/11 14:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2011/02/11 14:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2011/02/01 15:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 15:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/01/25 13:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2010/10/07 16:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010/09/23 18:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

PRC - [2010/08/17 16:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2010/07/10 00:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

PRC - [2009/11/02 16:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

========== Modules (No Company Name) ==========

MOD - [2010/09/23 18:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

MOD - [2009/11/02 16:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 16:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/03/22 03:10:26 | 001,136,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/02/23 22:20:56 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2011/02/04 18:34:20 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2011/02/04 18:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/02/04 18:19:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2011/01/25 16:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/03/13 12:02:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/02/11 14:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011/02/11 14:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011/02/11 14:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2011/02/01 15:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/02/01 15:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/26 11:18:08 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)

DRV:64bit: - [2013/02/11 12:28:41 | 000,038,456 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/04 22:50:49 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/03/24 08:47:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2011/03/24 08:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/03/24 08:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/03/22 03:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2011/03/22 03:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/03/18 00:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/06 07:52:22 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/02/24 13:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2011/01/24 04:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2011/01/24 04:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2011/01/24 03:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2010/12/31 05:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 06:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/08/24 04:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/10/04 20:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2010/07/26 15:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes,DefaultScope = {212EDA3D-1754-44C9-9159-51419C16D610}

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes\{212EDA3D-1754-44C9-9159-51419C16D610}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ASUT_enUS456

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes\{4A346C9F-8C14-4847-ACCE-7B1641316203}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes\{D0A22B04-B1B8-4D66-946C-9472F34403B7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=13217E14-0DDB-4B50-9BB8-2A33B462FF0D&apn_sauid=A3445E82-2581-41A1-A3B7-CF14B219D498

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files (x86)\EpicPlay\npEpicHost.dll ( )

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/09/05 10:29:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/09/05 10:29:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]

[2011/10/31 11:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2013/04/09 13:01:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll File not found

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKU\S-1-5-21-48190698-1470970319-3138362171-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{045A4881-F62C-46CD-9535-06E3F8B43193}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CD8EF6B-5C89-423A-9D05-F5A3FA384961}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 12:33:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2013/04/11 05:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/04/09 13:06:06 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/04/09 13:01:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/04/08 16:53:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/04/08 16:53:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/04/08 16:53:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/04/08 16:53:02 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/04/08 16:52:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/04/08 16:51:23 | 005,048,663 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2013/04/07 17:53:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com

[2013/04/07 16:53:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe

[2013/04/06 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\adawarebp

[2013/04/06 13:58:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/04/06 13:57:38 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe

[2013/04/06 13:55:35 | 000,000,000 | ---D | C] -- C:\JRT

[2013/04/06 13:48:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mitch-malware-diags--4-6-13

[2013/04/04 19:37:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2013/04/04 19:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/04 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/04 19:28:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/04 19:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/04/04 19:27:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs

[2013/03/26 12:51:02 | 000,038,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys

[2013/03/26 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2013/03/26 11:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner

[2013/03/26 11:18:08 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys

========== Files - Modified Within 30 Days ==========

[2013/04/13 12:34:18 | 000,741,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/13 12:34:18 | 000,635,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/13 12:34:18 | 000,110,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/13 12:30:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2013/04/13 12:29:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/13 12:29:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/13 12:23:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/13 12:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/13 12:21:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/13 12:21:31 | 2241,503,232 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/12 19:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/12 08:01:22 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2013/04/11 14:26:25 | 000,418,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/09 13:01:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/04/09 12:49:00 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2013/04/08 14:41:22 | 005,048,663 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2013/04/07 17:50:42 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat

[2013/04/06 14:14:32 | 000,000,936 | ---- | M] () -- C:\Users\Owner\Desktop\Videos - Shortcut.lnk

[2013/04/06 13:44:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe

[2013/04/06 13:42:32 | 016,218,792 | ---- | M] () -- C:\Users\Owner\Desktop\OPSWATAppRemover.exe

[2013/04/06 13:41:38 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe

[2013/04/06 10:22:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com

[2013/04/05 03:29:05 | 000,001,435 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini

[2013/04/05 03:03:59 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/05 03:03:55 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/04 19:28:15 | 000,001,135 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/04/04 19:28:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/26 11:48:53 | 000,002,236 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini

[2013/03/26 11:18:08 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys

========== Files Created - No Company Name ==========

[2013/04/08 16:53:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/04/08 16:53:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/04/08 16:53:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/04/08 16:53:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/04/08 16:53:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/04/07 17:50:42 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat

[2013/04/06 14:20:07 | 016,218,792 | ---- | C] () -- C:\Users\Owner\Desktop\OPSWATAppRemover.exe

[2013/04/06 14:18:11 | 000,000,936 | ---- | C] () -- C:\Users\Owner\Desktop\Videos - Shortcut.lnk

[2013/04/05 03:03:59 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/05 03:03:55 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/04 19:28:15 | 000,001,135 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/04/04 19:28:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/26 11:23:59 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/11/27 13:51:59 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2011/09/07 15:12:15 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2011/05/08 22:28:03 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/05/08 22:27:58 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/05/08 22:27:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/04/01 23:35:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon

[2011/09/08 09:32:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ASUS WebStorage

[2011/09/07 15:19:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Exent Technologies

[2012/03/07 11:59:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Friday's games

[2012/03/19 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Kareo

[2011/09/16 11:18:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Meridian93

[2011/09/08 10:30:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nuance

[2011/12/07 15:56:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst

[2011/09/08 10:30:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Zeon

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 4/13/2013 12:37:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.78 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 62.18% Memory free

5.57 Gb Paging File | 4.43 Gb Available in Paging File | 79.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 119.24 Gb Total Space | 77.47 Gb Free Space | 64.97% Space Free | Partition Type: NTFS

Drive D: | 153.85 Gb Total Space | 153.64 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Drive F: | 3.73 Gb Total Space | 3.52 Gb Free Space | 94.36% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06CFE5E3-9F04-4C5B-B154-CB7AE51EEC3F}" = lport=137 | protocol=17 | dir=in | app=system |

"{0A157D26-DD84-4746-BBD5-3182064976D1}" = rport=445 | protocol=6 | dir=out | app=system |

"{1A165FF4-80F7-488F-A0ED-2A89D740AF12}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{1F71B767-DB1F-40FF-A821-5AFF535E2342}" = lport=10243 | protocol=6 | dir=in | app=system |

"{24A45736-8D91-4390-92EB-F245B2EBA7F6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{32CA6032-93C4-4472-A793-FC6A795651DE}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary |

"{3E30A90F-F576-4EC9-AAF8-828C00A5AFAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4258F1F5-393F-4D3A-B8A7-1D238FCCF497}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5D79835F-A7D0-4627-83AE-0610D497366A}" = lport=139 | protocol=6 | dir=in | app=system |

"{60BBE462-786C-434F-A011-AA54694826DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{6DE5F35E-5978-4612-9A5A-9159501F73A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{7FBC3878-8C57-47D3-AA22-D84EE51E36E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{86315A17-DE80-44ED-9DB5-8C8C466070A4}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary |

"{8E3114F2-F22A-42D6-B3AA-64559C87257D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{90F4D3B8-9B57-49D3-9FEB-F5AE37E9518C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9E84C207-02FD-4778-8B86-366029344DA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B1F58728-252B-455B-B3E3-B032FB298CD3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B57CA411-5D35-4ABF-88DA-E744DEAE0019}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B8AA31FB-15CE-4B5F-94B6-CE022E4111A4}" = rport=139 | protocol=6 | dir=out | app=system |

"{BBE57015-0834-4F03-AB52-7572282CFAD7}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C596342B-8615-4764-8F1F-42FE2B9A4E23}" = rport=137 | protocol=17 | dir=out | app=system |

"{D84246DE-88C0-4FF6-8EC7-8DCFA7D6D0FA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E4F86FD1-E4FE-4CDD-A69E-97954E468395}" = lport=445 | protocol=6 | dir=in | app=system |

"{E7A56822-7579-480B-906D-02BD94A075F6}" = rport=138 | protocol=17 | dir=out | app=system |

"{F48B9323-AEF5-4EB4-B41C-4D7A386F4672}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{2CF89BD0-7F03-4B6A-B4AF-48243BBBAF75}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |

"{507C5431-9CB4-4398-A270-86FDD41BE064}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |

"{53397BBE-E921-4796-8E3C-BED56B080943}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{5AC0EC9B-005B-42C7-9A47-AA59EDA9BCB9}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |

"{5DF1E85D-416F-4D22-B9DA-FC6C3E21C1B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{6CFFEEBF-8981-499E-9AEE-D7655F4C9128}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6DD5D60F-27E4-4086-9B83-B59B85623944}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{753D4197-7EC4-46E1-9D57-56C3D6A1ABB3}" = protocol=6 | dir=out | app=system |

"{791077C2-119B-483E-ACC9-A0ED846C0768}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{8C8A69AA-4DCB-4274-82D9-1405B42BF093}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |

"{8D87F61C-4672-4A89-817A-293D824A9F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{8EBBD080-87DD-4E0A-A7E9-B3C05DE66AC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{92073BDA-A4E2-412B-BA3E-2878833E0A5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{939D3F45-D1D6-420A-B738-6E77946B62F9}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

"{959A9CC6-EB46-4B51-B7A9-034DB1EF8811}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{A012AD0D-F871-45E1-922B-067438B7A5EF}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

"{AF125071-7D6D-4307-B781-B3D71B832B4D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{B0F1D659-CA16-4F8F-981C-B5DB58232C74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BBF30AD4-7CB9-43E4-BE24-283D1F6FBD2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BC811A0E-2A63-4C19-8D68-F43040EB5067}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BE21EC8A-E891-43ED-B661-661E6ECB3392}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{C612397A-D5AE-4D1A-9882-1F54724ED905}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C6D03BFC-C570-4352-A264-08AD6A5D1865}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C9EDE084-DAE5-41E6-808F-518B333F7FF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CA73471C-E270-46FA-8904-3A4F55A2BD3C}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |

"{CB9DD92F-FC34-4B04-9BC5-1DFC9503A1FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D521FBDC-2607-483D-8666-C3BE9946170F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{D66B0E39-DF24-439B-8BCA-264D3A45F356}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{DD2EE3F4-EFD3-47B6-B77E-3C17DB2D1055}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |

"{DDCA8FB7-F828-4510-BF66-982FBCC0E543}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{DE4B055F-A8EB-4257-9E61-B9A3EDD35705}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{EB941928-C6B8-4DE7-9418-921C4B312753}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{9D77BF49-0CAE-470E-89FC-71603F0F77BF}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

"UDP Query User{447B1484-EE80-41F1-88D0-B543FDCA9360}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0308919C-E317-4293-8D3C-97EF307BCDBC}" = HP Officejet Pro 8500 A910 Product Improvement Study

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software

"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety

"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{48B261AB-E622-435F-BADD-CE585AE58BC7}" = ScrewDrivers Client v4 x64 (rdp only)

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel® PROSet/Wireless WiFi Software

"{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common

"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{124CA4D3-B532-4D1F-98C4-E8035DB39E2F}" = Microsoft Store Download Manager

"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player

"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{352DD60D-301E-4657-8263-1F4AAE686644}" = Report Master 600

"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources

"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update

"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7C5AE33-9030-4603-8138-2CD6192E447C}" = Kareo

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"A_Free_Ride_Games_Bar Toolbar" = A Free Ride Games Bar Toolbar

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AmUStor" = Alcor Micro USB Card Reader

"Asus Vibe2.0" = AsusVibe2.0

"ASUS WebStorage" = ASUS WebStorage

"AsusScr_K3 Series_ENG" = AsusScr_K3 Series_ENG

"EpicPlay" = EpicPlay

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{C7C5AE33-9030-4603-8138-2CD6192E447C}" = Kareo

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/11/2013 7:35:01 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET

Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/11/2013 10:50:24 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/12/2013 9:35:34 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11722

Description =

Error - 4/12/2013 10:11:14 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/13/2013 1:36:07 PM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11722

Description =

[ System Events ]

Error - 4/11/2013 5:39:06 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description = The X5XSEx service failed to start due to the following error: %%3

Error - 4/11/2013 5:40:01 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 4/11/2013 3:26:42 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description = The X5XSEx service failed to start due to the following error: %%3

Error - 4/11/2013 3:27:57 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 4/11/2013 4:05:08 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description = The X5XSEx service failed to start due to the following error: %%3

Error - 4/11/2013 4:06:04 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 4/12/2013 9:01:23 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description = The X5XSEx service failed to start due to the following error: %%3

Error - 4/12/2013 9:02:19 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

Error - 4/13/2013 1:22:00 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description = The X5XSEx service failed to start due to the following error: %%3

Error - 4/13/2013 1:23:01 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description =

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes\{D0A22B04-B1B8-4D66-946C-9472F34403B7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=13217E14-0DDB-4B50-9BB8-2A33B462FF0D&apn_sauid=A3445E82-2581-41A1-A3B7-CF14B219D498
    [2013/04/06 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\adawarebp
    [2013/03/26 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
    [2013/04/09 12:49:00 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    :files
    c:\program files (x86)\adawaretb
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{507C5431-9CB4-4398-A270-86FDD41BE064}" =-
    "{5AC0EC9B-005B-42C7-9A47-AA59EDA9BCB9}" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{F075020E-43B2-4F2C-9723-C81CE162E7B6}" =-
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


I've been keeping the laptop off the net whenever possible. I copied the text from your post into a text editor on my Linux machine. I noticed the full URL address for the hotlink to websearch.ask.com did not of course get included since I was using a text editor. So I copied the text for the link (as you can see below) and pasted it in where the full URL I presumed was intended to be. One other data point: I noticed that the copy and paste process removed all the line breaks by the time your quote was pasted into OTL custom fix. I do notice that the text I have returned below from OTL does have line breaks. Did I do something wrong?

Here's what I got. It's the entire content from the only file that is in c:\_OTL\MovedFiles .

It is named: 04132013_180825.log

There is a correspondingly named subfolder in this folder but it is empty.

All processes killed

Error: Unable to interpret <:OTL

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes\{D0A22B04-B1B8-4D66-946C-9472F34403B7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=13217E14-0DDB-4B50-9BB8-2A33B462FF0D&apn_sauid=A3445E82-2581-41A1-A3B7-CF14B219D498

[2013/04/06 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\adawarebp

[2013/03/26 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2013/04/09 12:49:00 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

:files

c:\program files (x86)\adawaretb

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{507C5431-9CB4-4398-A270-86FDD41BE064}" =-

"{5AC0EC9B-005B-42C7-9A47-AA59EDA9BCB9}" =-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" =-

:file> in the current context!

Error: Unable to interpret <s

ipconfig /flushdns /c

:Commands

[emptytemp]

[clearallrestorepoints]

> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 04132013_180825

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


The script did not work. Please try again and make sure that it looks the same as this:

:OTL

IE - HKU\S-1-5-21-48190698-1470970319-3138362171-1000\..\SearchScopes\{D0A22B04-B1B8-4D66-946C-9472F34403B7}: "URL" = http://websearch.ask...B7-CF14B219D498

[2013/04/06 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\adawarebp

[2013/03/26 11:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2013/04/09 12:49:00 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

:files

c:\program files (x86)\adawaretb

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{507C5431-9CB4-4398-A270-86FDD41BE064}" =-

"{5AC0EC9B-005B-42C7-9A47-AA59EDA9BCB9}" =-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" =-

:files

ipconfig /flushdns /c

:Commands

[emptytemp]

[clearallrestorepoints]


I manually re-created the line breaks to match the text as displayed in the post. This time it appears that it worked. I saw no error messages. The content of the file 04132013_190240.log is below:

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D0A22B04-B1B8-4D66-946C-9472F34403B7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0A22B04-B1B8-4D66-946C-9472F34403B7}\ not found.

C:\Users\Owner\AppData\Local\adawarebp\data folder moved successfully.

C:\Users\Owner\AppData\Local\adawarebp folder moved successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus folder moved successfully.

C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk moved successfully.

========== FILES ==========

File\Folder c:\program files (x86)\adawaretb not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{507C5431-9CB4-4398-A270-86FDD41BE064} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{507C5431-9CB4-4398-A270-86FDD41BE064}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AC0EC9B-005B-42C7-9A47-AA59EDA9BCB9} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AC0EC9B-005B-42C7-9A47-AA59EDA9BCB9}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{F075020E-43B2-4F2C-9723-C81CE162E7B6} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F075020E-43B2-4F2C-9723-C81CE162E7B6}\ not found.

========== FILES ==========

< ipconfig /flushdns /c

>

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Owner\Desktop\cmd.bat deleted successfully.

C:\Users\Owner\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Owner

->Temp folder emptied: 3195361 bytes

->Temporary Internet Files folder emptied: 76302340 bytes

->Java cache emptied: 20220651 bytes

->Flash cache emptied: 101665 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 40980 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 95.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04132013_190240

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I tried the same action that elicited the Windows alert before: I did a right-click on a file. The Windows Alert showed up informing me that Windows installer is doing something unless I hit cancel. I hit cancel. I couldn't make out what it reported any more than that. I did the right-click again and this time the right-click menu showed up. This sequence of "appearing to operate normally" once I cancel the install is what happened before.

I restarted Windows. I did the right-click on a file action and the Windows alert appeared. I was very careful to read as much of what appeared before I clicked cancel. It appears to have said: Windows was preparing to configure Ad-Aware Antivirus.


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    *aware*

    :regfind
    aware


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


I ran SystemLook.exe with the settings in your post. Here's the log:

SystemLook 30.07.11 by jpshortstuff

Log created at 04:50 on 14/04/2013 by Owner

Administrator - Elevation successful

========== folderfind ==========

Searching for "*aware*"

C:\Qoobox\Quarantine\C\Program Files (x86)\Ad-Aware Antivirus d------ [17:58 09/04/2013]

C:\Qoobox\Quarantine\C\ProgramData\Ad-Aware Antivirus d------ [17:58 09/04/2013]

C:\Qoobox\Quarantine\C\ProgramData\Ad-Aware Browsing Protection d------ [17:58 09/04/2013]

C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Ad-Aware Antivirus d------ [17:59 09/04/2013]

C:\_OTL\MovedFiles\04132013_190240\C_ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus d------ [16:23 26/03/2013]

C:\_OTL\MovedFiles\04132013_190240\C_Users\Owner\AppData\Local\adawarebp d------ [20:15 06/04/2013]

========== regfind ==========

Searching for "aware"

[HKEY_CURRENT_USER\S-1-5-21-48190698-1470970319-3138362171-1000\Software\adawaretb]

[HKEY_CURRENT_USER\Software\Ad-Aware Search Protection]

[HKEY_CURRENT_USER\Software\Ad-Aware Search Protection]

"Name"="Ad-Aware Search Protection"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\adawarebp]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\adawaretb]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\adawaretb]

"AutoSearchURL"="http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=A2CCD136EC282C66B38E185151CB68B6&q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness]

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe"="Ad-Aware Antivirus Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAware.AdAwareApplication]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAware.AdAwareApplication]

@="AdAwareApplication Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAware.AdAwareApplication\CurVer]

@="AdAware.AdAwareApplication.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAware.AdAwareApplication.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAware.AdAwareApplication.1]

@="AdAwareApplication Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareService.ServiceApplication]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareService.ServiceApplication\CurVer]

@="AdAwareService.ServiceApplication.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareService.ServiceApplication.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension.AdAwareContextM.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension.AdAwareContextM.1]

@="AdAwareContextMenu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension.AdAwareContextMen]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension.AdAwareContextMen]

@="AdAwareContextMenu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension.AdAwareContextMen\CurVer]

@="AdAwareShellExtension.AdAwareContextM.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension64.AdAwareContex.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension64.AdAwareContex.1]

@="AdAwareContextMenu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension64.AdAwareContextM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension64.AdAwareContextM]

@="AdAwareContextMenu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AdAwareShellExtension64.AdAwareContextM\CurVer]

@="AdAwareShellExtension64.AdAwareContex.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\AdAwareContextMenu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\AdAwareContextMenu64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdAware.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdAwareService.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdAwareShellExtension.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdAwareShellExtension64.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{28044BC2-1CFE-4EC4-ADC7-37EA384D7157}]

@="AdAwareShellExtension64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]

"LocalService"="Ad-Aware Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]

@="AdAwareService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{815E3070-A914-4A36-BC40-2F35AAD1C91E}]

@="AdAwareShellExtension"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{81E1B6B6-1956-4746-BD22-43F8D3A68AB2}]

@="AdAware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93E7AF4B-ED49-4F4A-82CF-60471B6F0E25}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}\InProcServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\x64\sbamsvcps.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E110352D-007C-444F-851E-97EC0F161C99}]

@="AdAwareContextMenu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E110352D-007C-444F-851E-97EC0F161C99}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E110352D-007C-444F-851E-97EC0F161C99}\ProgID]

@="AdAwareShellExtension64.AdAwareContex.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E110352D-007C-444F-851E-97EC0F161C99}\VersionIndependentProgID]

@="AdAwareShellExtension64.AdAwareContextM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\AdAwareContextMenu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\AdAwareContextMenu64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E020570F2B34C2F479328CC11E267E6B]

"ProductName"="Ad-Aware Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8279FEB8-5CA4-45C4-BE27-770DCDEA1DEB}]

@="ITopViewAwareItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{93E7AF4B-ED49-4F4A-82CF-60471B6F0E25}]

@="IAdAwareContextMenu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E1AAC62-2A56-42A0-A6E3-48D12EF3CE32}\1.0]

@="AdAware 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5E1AAC62-2A56-42A0-A6E3-48D12EF3CE32}\1.0\0\win32]

@="C:\PROGRA~2\AD-AWA~1\AdAware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E2A22B9-BB74-4738-8A3A-5E76DE734DE1}\1.0]

@="AdAwareService 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFCD28B9-9853-42EF-BF78-92E0202C49AA}\1.0]

@="AdAwareShellExtension64 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFCD28B9-9853-42EF-BF78-92E0202C49AA}\1.0\HELPDIR]

@="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0]

@="AdAwareShellExtension 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0\HELPDIR]

@="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{132436F2-0B58-4D65-8A1F-B84E4075C5F2}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}]

@="AdAwareContextMenu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\ProgID]

@="AdAwareShellExtension.AdAwareContextM.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\VersionIndependentProgID]

@="AdAwareShellExtension.AdAwareContextMen"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{706FFEF5-7E90-4149-B038-B39106ECDB99}\ProgID]

@="AdAwareService.ServiceApplication.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{706FFEF5-7E90-4149-B038-B39106ECDB99}\VersionIndependentProgID]

@="AdAwareService.ServiceApplication"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B08ECEC8-805C-49F5-A388-3A769E2ED33D}]

@="AdAwareApplication Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B08ECEC8-805C-49F5-A388-3A769E2ED33D}\LocalServer32]

@="C:\PROGRA~2\AD-AWA~1\AdAware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B08ECEC8-805C-49F5-A388-3A769E2ED33D}\ProgID]

@="AdAware.AdAwareApplication"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{132436F2-0B58-4D65-8A1F-B84E4075C5F2}]

@="IAdAwareContextMenu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{417BE87B-98D8-444F-A88F-8AD02E9C6CFC}]

@="IAdAwareApplication"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8279FEB8-5CA4-45C4-BE27-770DCDEA1DEB}]

@="ITopViewAwareItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdAware.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdAwareService.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdAwareShellExtension.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdAwareShellExtension64.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{28044BC2-1CFE-4EC4-ADC7-37EA384D7157}]

@="AdAwareShellExtension64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]

"LocalService"="Ad-Aware Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]

@="AdAwareService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{815E3070-A914-4A36-BC40-2F35AAD1C91E}]

@="AdAwareShellExtension"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{81E1B6B6-1956-4746-BD22-43F8D3A68AB2}]

@="AdAware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5E1AAC62-2A56-42A0-A6E3-48D12EF3CE32}\1.0]

@="AdAware 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5E1AAC62-2A56-42A0-A6E3-48D12EF3CE32}\1.0\0\win32]

@="C:\PROGRA~2\AD-AWA~1\AdAware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E2A22B9-BB74-4738-8A3A-5E76DE734DE1}\1.0]

@="AdAwareService 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFCD28B9-9853-42EF-BF78-92E0202C49AA}\1.0]

@="AdAwareShellExtension64 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{AFCD28B9-9853-42EF-BF78-92E0202C49AA}\1.0\HELPDIR]

@="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0]

@="AdAwareShellExtension 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0\HELPDIR]

@="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\cart\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\cart\amd64\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\cart\definitions\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\cart\i386\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\x64\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"C:\Program Files (x86)\Ad-Aware Antivirus\x32\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05DE9363A90CE2A459FDC24349CB03EC]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\SBAMTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083B3A6D7B7F6FB4DB9A45972E2DF34D]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1064CCD7FA67955438950C9963B33D12]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12DAE6646A0239F4EAB1A9CE60218869]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F1DD5FAF16F4FF44B57EB11157A47D2]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B8CAE3DF2AECA844AA0DDC0D32B32B4]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C4702EA33BF673438726B95BA292CC7]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E4D81ECDD42CC74C8B9C586979107EB]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F7096852B431014BB7824578C5A2CB0]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\SBSetupDrivers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30981813F597C834B8D5CF18966D5BA1]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\cart\amd64\sbbd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31DBE53704309124AB32EC6ECD2A69D3]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\x32\sbbd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35A4403F7BF13C94C8FABDF06E789AAE]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\Statistics.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3D1F90C57425FF549B68409015EA4834]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\422BBF82DEAE02448B124FDB9E1531F7]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\gfiarksh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46921E6A0DCDFAD4A889CC2A5DE1CE02]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\cart\definitions\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4E6FA5066F6FD07419F30F3B07A8475A]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\SpursDownload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4E98092863667BF4598DF6936A1F235B]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51F84231BDBBAD04C9029DD4BB33E1AD]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\cart\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54B2CD938C709724F88711B0D91C98B1]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\unrar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5517297FA3B85E346BA68C0D8E9457E1]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\55D590FD6C4152A4A88B9CB8B907C663]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\59853B5650111894AB623B9EC72BD0DE]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\cart\sbrc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6905E9E235C4A25478FEF66DDE8ABC08]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EC3E347C30D12D49A3EE14EA484BF35]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\cart\i386\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6EFDFFE9D7BB012429D2ACFD1D94B3C7]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72965D54147057942A752677F7467A58]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\73CCBB9E9EB2B584189281AAD777A3B5]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7791ADD970521BA4B99E2E6CF941D57E]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\799CA8ED769A086418C29C30ACC707BF]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\cart\amd64\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B745670A65FB6848BEF8F4026F44FBB]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\x64\sbbd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C3F9AE515DEF4940BED84F5ED60612D]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\847433FF272B2ED4B8CB6E4374A97DB6]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\AdAwareStatistics.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9669531A62D0A774E91D44ECB6A4589B]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98B7212DEA7283742BB2E253FD7C5A6B]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D350A6AA4963A342B63AE80583FB068]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\x64\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8B57F15B79202644B3675803509DF2A]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\SBTE.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC819F79F0B9EDD4DAB83C851A11EC45]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACA11E2F3906F134382476510EF32B07]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B07BF8CE39102CC4E905D08238DF630F]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\SBAMWsc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B60EEFECE5E32BF4E9723647F2B392FD]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BDF0BEF83486ECB479B0724B3D3E4E38]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE0258105DB8A5846BA051D34B88F652]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE44D0AF315BD7F46B4C2FDAEB3A468F]

"E020570F2B34C2F479328CC11E267E6B"="C?\Program Files (x86)\Ad-Aware Antivirus\cart\i386\sbbd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6866000665126E40AF1EEA8421B7FDE]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wlh\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA837D1DF5BD3E94A8FCC59F4D7F156E]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\SBCA.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFFE92E606CE2BE4792F515471B9C85A]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D59045FF08CD28544AFD4E70ABAF8B69]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\sbap.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9C03168B4C462B46891CAB358A800DB]

"00000000000000000000000000000000"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9C03168B4C462B46891CAB358A800DB]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DABCE7BD22717D247947F6AFAA733BAC]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD9C1FBC81AD02445BA8197A41E4B359]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\vipre.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF70F012B42E3F24DB0A6A886901CB63]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0087A6E2BE5CA945994A4A00490B98D]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3F698B9C5EDADF4380A5319BA64CEC9]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E9931F9246B5E244A83A89DFE9F69443]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96756C97455024FA837BB41A7EBE19]

"E020570F2B34C2F479328CC11E267E6B"="C:\Program Files (x86)\Ad-Aware Antivirus\SBArva.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E020570F2B34C2F479328CC11E267E6B\InstallProperties]

"DisplayName"="Ad-Aware Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E020570F2B34C2F479328CC11E267E6B\InstallProperties]

"InstallLocation"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMI\WinSxS Settings\amd64_microsoft-windows-settings_31bf3856ad364e35_none_5e7b0013834d1c8b\6.1.7600.16385\Settings]

"dpiAware"="xsd:string"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SMI\WinSxS Settings\x86_microsoft-windows-settings_31bf3856ad364e35_none_025c648fcaefab55\6.1.7600.16385\Settings]

"dpiAware"="xsd:string"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90D7513B-E2F7-4F30-82F6-180BECDAF7A3}]

"Path"="\Ad-Aware Antivirus Scheduled Scan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\adawaretb]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik]

"path"="C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lavasoft\AdAware10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]

"AppPath"="C:\Program Files (x86)\adawaretb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]

"AppPath"="C:\Program Files (x86)\adawaretb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2DE08D-AF76-42f2-80E9-E5EEE624A973}]

"AppPath"="C:\Program Files (x86)\adawaretb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\adawarebp_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\adawarebp_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdawareBrowsingProtection_setup_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdawareBrowsingProtection_setup_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adaware_Installer_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adaware_Installer_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdAware_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdAware_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection]

"InstallLocation"="C:\ProgramData\Ad-Aware Browsing Protection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection]

"UninstallString"="C:\ProgramData\Ad-Aware Browsing Protection\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F075020E-43B2-4F2C-9723-C81CE162E7B6}]

"DisplayName"="Ad-Aware Antivirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F075020E-43B2-4F2C-9723-C81CE162E7B6}]

"InstallLocation"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SBAMSvc]

"InstallEXEName"="AdAwareLauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SBAMSvc]

"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SBAMSvc]

"Product"="Ad-Aware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{132436F2-0B58-4D65-8A1F-B84E4075C5F2}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}]

@="AdAwareContextMenu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\ProgID]

@="AdAwareShellExtension.AdAwareContextM.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5B64240D-5B36-4B9F-A75F-4925B6A53D5B}\VersionIndependentProgID]

@="AdAwareShellExtension.AdAwareContextMen"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{706FFEF5-7E90-4149-B038-B39106ECDB99}\ProgID]

@="AdAwareService.ServiceApplication.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{706FFEF5-7E90-4149-B038-B39106ECDB99}\VersionIndependentProgID]

@="AdAwareService.ServiceApplication"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B08ECEC8-805C-49F5-A388-3A769E2ED33D}]

@="AdAwareApplication Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B08ECEC8-805C-49F5-A388-3A769E2ED33D}\LocalServer32]

@="C:\PROGRA~2\AD-AWA~1\AdAware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B08ECEC8-805C-49F5-A388-3A769E2ED33D}\ProgID]

@="AdAware.AdAwareApplication"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C2582700-05E6-4FD2-9EF9-80B13128624C}\InprocServer32]

@="C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{132436F2-0B58-4D65-8A1F-B84E4075C5F2}]

@="IAdAwareContextMenu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{417BE87B-98D8-444F-A88F-8AD02E9C6CFC}]

@="IAdAwareApplication"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{8279FEB8-5CA4-45C4-BE27-770DCDEA1DEB}]

@="ITopViewAwareItem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdAware.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdAwareService.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdAwareShellExtension.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdAwareShellExtension64.DLL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{28044BC2-1CFE-4EC4-ADC7-37EA384D7157}]

@="AdAwareShellExtension64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]

"LocalService"="Ad-Aware Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7C7C1AC9-F894-423B-AE6C-558286658538}]

@="AdAwareService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{815E3070-A914-4A36-BC40-2F35AAD1C91E}]

@="AdAwareShellExtension"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{81E1B6B6-1956-4746-BD22-43F8D3A68AB2}]

@="AdAware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5E1AAC62-2A56-42A0-A6E3-48D12EF3CE32}\1.0]

@="AdAware 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5E1AAC62-2A56-42A0-A6E3-48D12EF3CE32}\1.0\0\win32]

@="C:\PROGRA~2\AD-AWA~1\AdAware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6E2A22B9-BB74-4738-8A3A-5E76DE734DE1}\1.0]

@="AdAwareService 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFCD28B9-9853-42EF-BF78-92E0202C49AA}\1.0]

@="AdAwareShellExtension64 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{AFCD28B9-9853-42EF-BF78-92E0202C49AA}\1.0\HELPDIR]

@="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0]

@="AdAwareShellExtension 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6D67F4-E331-4F02-A773-FBA9F6EBF7F6}\1.0\HELPDIR]

@="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\WPPTrace\HelperClasses\DirectAccess_DBG\Providers\{1ac55562-d4ff-4bc5-8ef3-a18e07c4668e}]

"Name"="Network Location Awareness Trace"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\SBAMSvc]

"EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\SBAMSvc]

"CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SBHIPS\Parameters\Packages\Common]

"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetDiagFx\Microsoft\HostDLLs\WPPTrace\HelperClasses\DirectAccess_DBG\Providers\{1ac55562-d4ff-4bc5-8ef3-a18e07c4668e}]

"Name"="Network Location Awareness Trace"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\SBAMSvc]

"EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\SBAMSvc]

"CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SBHIPS\Parameters\Packages\Common]

"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\WPPTrace\HelperClasses\DirectAccess_DBG\Providers\{1ac55562-d4ff-4bc5-8ef3-a18e07c4668e}]

"Name"="Network Location Awareness Trace"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SBAMSvc]

"EventMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SBAMSvc]

"CategoryMessageFile"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBHIPS\Parameters\Packages\Common]

"INSTALLDIR"="C:\Program Files (x86)\Ad-Aware Antivirus\"

[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\278\52C64B7E]

"@%SystemRoot%\System32\nlasvc.dll,-1"="Network Location Awareness"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness]

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\S-1-5-21-48190698-1470970319-3138362171-1000\Software\adawaretb]

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\Ad-Aware Search Protection]

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\Ad-Aware Search Protection]

"Name"="Ad-Aware Search Protection"

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\AppDataLow\Software\adawarebp]

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\AppDataLow\Software\adawaretb]

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\AppDataLow\Software\adawaretb]

"AutoSearchURL"="http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=A2CCD136EC282C66B38E185151CB68B6&q=%s"

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness]

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe"="Ad-Aware Antivirus Launcher"

[HKEY_USERS\S-1-5-21-48190698-1470970319-3138362171-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe"="Ad-Aware Antivirus Launcher"

[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\278\52C64B7E]

"@%SystemRoot%\System32\nlasvc.dll,-1"="Network Location Awareness"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness]

-= EOF =-


Can you tell which version of AdAware? The lavasoft.com website has 3 different AdAware security programs (AdAware Free Antivirus+, AdAware Personal Security, AdAware Pro). The laptop I'm working on belongs to a friend. I do not know which of these 3 products he installed.


I do have a complete backup of his drive that I made booting his machine from Linux before I did anything. I need to get some sleep now. I will try to get in touch with him later today. If I can't reach him, I will mount that image file in my Linux machine and look through the AdAware folders and the registry. Thank you for working with me on this. It means a lot to me.


Good morning,

I was able to retrieve the actual installer exe from the 2 backups of the laptop's drive that I made before I began any diagnostics. By doing this, I have a high degree of certainty I have the correct version. My friend could not remember. BTW, the Adaware_Installer.exe file has a date of 3/26/2013 which is likely the date it was downloaded and run.

I put it onto a flash drive and plugged the flash into the laptop. I started the installer and received the following message: "AdAware has detected an incompatible software. To avoid any conflicts AdAware will be installed in Compatible mode."

I clicked a big blue rectangle that contained the words "Compatible Install" to see what would happen. I received a new error message: "An error occurred during the downloading process." With buttons: RETRY CANCEL. AdAware needed a connection to the internet and couldn't find it. My error. I realized I had not moved the ethernet cable over to the laptop to plug it in yet. I clicked cancel.

I connected to the internet and restarted the Adaware_installer.exe. This time I got a message that AdAware had already been installed.

So, I tried to uninstall AdAware. I got an error: An alert from the Windows Installer with the message: "Error opening installation log file. Verify that the expected logfile location exists and that you can write to it." OK button is only option. I clicked OK and got another alert, this time from Programs and Features. Same content however: "Error opening installation log file. Verify that the expected logfile location exists and that you can write to it."

On a hunch, to get more data, I tried the following: I disconnected from the internet (pulled out the cable) and restarted Adaware_installer.exe. I got the message that "AdAware has detected an incompatible software. To avoid any conflicts AdAware will be installed in Compatible mode."

I clicked the big blue rectangle that contained the words "Compatible Install" and when I got the error message: "An error occurred during the downloading process." (with buttons: RETRY CANCEL) I connected the cable and when the internet was ready I clicked on RETRY.

This time, AdAware began downloading from the internet and when it finished informed me that AdAware had been installed successfully.

I tried, once again, to move to the next step and uninstall it. Again, I was told AdAware was not installed. I got the same error messages I got from before: "Error opening installation log file. Verify that the expected logfile location exists and that you can write to it." OK button is only option. I clicked OK and got another alert, this time from Programs and Features. Same content however: "Error opening installation log file. Verify that the expected logfile location exists and that you can write to it."

It appears I can neither install it nor uninstall it.

One more bit of data:

Earlier, after my first encounter with the "Incompatible software" message, I checked Lavasoft's website and found Kaspersky on the list of incompatible programs as well as Eset. I uninstalled the Eset Online Scanner's remnants (Eset recommended I leave their definitions intact after I ran the online scan a day or so ago.) I then ran the AdAware installer again. Same message: "AdAware has detected an incompatible software. To avoid any conflicts AdAware will be installed in Compatible mode."

My friend may have received the same "incompatible software" message when he installed AdAware because Kaspersky was installed long before AdAware had been. Regardless, I think it is fair to presume that at least I am approximately duplicating the conditions under which he installed it: Kaspersky installed, Eset not present on the drive.

So, to summarize, it appears I can neither install it nor uninstall it. I restarted Windows and ran the right-click on a file test and got the same alert from Windows Installer: "Preparing to install. Please wait while Windows configures AdAware."

It's been another very long day. I am going to sleep again. I will check for your reply when I get up.

Thanks.

