
Firefox/IE Claro search redirect upon opening new tabs before. Now they both freeze. (more inside)


7 replies to this topic

#1 Kinglit

Posted 05 February 2013 - 01:20 PM

Hello BC, it's been a while (three years to be exact). :P

Anyway, the problem started off as just a simple redirect to Claro search upon opening a new tab in Firefox and IE. Like a fool I ignored it because it seemed like just a minor inconvenience.

Now I can barely load up both browsers without them freezing and giving me a Not Responding error. And once AGAIN I can't use System Restore... <_<


As always, any help is much appreciated:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.11.2
Run by trace at 22:40:43 on 2013-02-02
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Morgan\m3jpegV3\MMTray.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Windows\ehome\ehtray.exe
C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\kbd\kbd.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR.exe
C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe
C:\app\trace\product\11.1.0\db_1\bin\nmesrvc.exe
C:\app\trace\product\11.1.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\app\trace\product\11.1.0\db_1\jdk\bin\java.exe
C:\app\trace\product\11.1.0\db_1\bin\LSNRCTL.EXE
C:\Program Files\Comcast\pcBrowser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\app\trace\product\11.1.0\db_1\bin\emagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Comcast\pcBrowser.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\app\trace\product\11.1.0\db_1\bin\emdctl.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.xfinity.com/?cid=xfstart_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
uProxyServer = :0
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\1.6.4.1\bh\claro.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Savings Sidekick: {11111111-1111-1111-1111-110011501160} - c:\program files\savings sidekick\Savings Sidekick.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - <orphaned>
BHO: NJStarBHO Class: {E74F179F-F6CC-4BE0-9638-DEA49583953F} - c:\program files\njstar communicator\NJStarBHO32.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files\claro ltd\claro\1.6.4.1\claroTlbr.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [Octoshape Streaming Services] "c:\users\trace\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Windows Time] rundll32.exe
uRun: [Google Update] "c:\users\trace\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\trace\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [CloneCDElbyCDFL] "c:\program files\elaborate bytes\clonecd\ElbyCheck.exe" /L ElbyCDFL
mRun: [CloneCDTray] "c:\program files\elaborate bytes\clonecd\CloneCDTray.exe"
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO} /NO_DEFPS
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [MMTray] "c:\program files\morgan\m3jpegv3\MMTray.exe"
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Comcast_McciTrayApp] "c:\program files\comcast\pcTrayApp.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1C517DEB-59CF-4806-A1BA-A71265252F3D} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - component: c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\trace\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\trace\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\users\trace\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\trace\appdata\roaming\mozilla\firefox\profiles\3kafcqd4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: extentions.y2layers.installId - bf1cb5bd-3d57-4781-86f3-32263cb4ab80
FF - user.js: extensions.claro.id - 569f3c4300000000000000235402abfb
FF - user.js: extensions.claro.instlDay - 15562
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.112:17:01
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
============= SERVICES / DRIVERS ===============
.
R? avast! Antivirus;avast! Antivirus
R? avast! Mail Scanner;avast! Mail Scanner
R? avast! Web Scanner;avast! Web Scanner
R? BBSvc;BingBar Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate1c9976ea5c9c3b0;Google Update Service (gupdate1c9976ea5c9c3b0)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? OracleJobSchedulerORCL;OracleJobSchedulerORCL
R? OracleServiceORCL;OracleServiceORCL
R? PAC207;SoC PC-Camera
R? SkypeUpdate;Skype Updater
R? vaxscsi;vaxscsi
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSP;avast! Self Protection
S? avgio;avgio
S? avgntflt;avgntflt
S? BBUpdate;BBUpdate
S? bProtector;bProtector
S? ElbyVCD;ElbyVCD
S? Giraffic;Veoh Giraffic Video Accelerator
S? HSXHWBS3;HSXHWBS3
S? OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener
S? OracleVssWriterORCL;Oracle ORCL VSS Writer Service
S? pcCMService;pcCMService
S? PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver
S? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .vbe: VBEFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]
.
=============== Created Last 30 ================
.
2013-02-01 07:04:56 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2032332a-1982-4706-975f-730ffb76f0ef}\offreg.dll
2013-02-01 06:38:43 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2032332a-1982-4706-975f-730ffb76f0ef}\mpengine.dll
2013-01-29 08:44:50 -------- d-----w- C:\4f9ec24fd52facd772673d5f6d982f1b
2013-01-25 22:34:40 -------- d-----w- C:\02178a91cfa18893ae7b8d
2013-01-25 19:55:12 -------- d-----w- c:\users\trace\appdata\local\join.me
2013-01-25 19:44:51 -------- d-----w- c:\programdata\Ask
2013-01-25 19:42:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-22 06:37:53 -------- d-----w- C:\935521260fc29050f4608b16
2013-01-18 23:28:06 -------- d-----w- C:\ece0d26fb629e074d5ade44204
2013-01-15 15:17:22 -------- d-----w- C:\9fd02e85e69bbc6e18546274f3b08ac3
2013-01-15 06:26:12 -------- d-----w- C:\TEMP
2013-01-15 05:47:06 -------- d-----w- C:\app
2013-01-15 05:45:19 -------- d-----w- c:\program files\Oracle
2013-01-11 18:00:05 -------- d-----w- C:\5af066e0d50a31cf82d8e6
2013-01-10 08:02:57 -------- d-----w- C:\817c56463a83b7f0d795
2013-01-08 13:01:33 -------- d-----w- C:\218fcc3ff9304e47ae01
2013-01-04 19:40:40 -------- d-----w- C:\b41ae8e93938a58f443f22a20e
.
==================== Find3M ====================
.
2013-01-25 19:39:35 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-25 19:39:30 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 19:51:20 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 19:51:20 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 23:32:18.16 ===============



#2 SweetTech


Posted 05 February 2013 - 02:47 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Running AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the textbox.

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. adwCleaner[R1].txt log file.
3. OTL.txt & Extras.txt log files.
4. aswMBR.txt log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Kinglit


Posted 08 February 2013 - 10:38 PM

An apology for the long delay in a response. My internet got turned off before I had a chance to do anything.

 

Comp is still acting up.

 

 

ADWCLEANER LOGFILE

 

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 20:22:00
# Updated 05/02/2013 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 1 (32 bits)
# User : trace - TRACE-PC
# Boot Mode : Normal
# Running from : C:\Users\trace\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : bProtector
Found : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\bprotector_extensions.sqlite
File Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\bprotector_prefs.js
File Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\askcomsearch.xml
File Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\bProtect.xml
File Found : C:\Users\trace\Desktop\Free Animated Desktop Wallpaper.lnk
File Found : C:\Users\trace\Desktop\Free Dolphin Screensaver.lnk
File Found : C:\Users\trace\Desktop\searchplugins\bProtect.xml
File Found : C:\Users\trace\Documents\searchplugins\bProtect.xml
File Found : C:\Windows\system32\searchplugins\bProtect.xml
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Claro LTD
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\Savings Sidekick
Folder Found : C:\Program Files\Yontoo Layers Runtime
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\bProtectorForWindows
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Users\trace\AppData\Local\OpenCandy
Folder Found : C:\Users\trace\AppData\Local\Savings Sidekick
Folder Found : C:\Users\trace\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\trace\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\trace\AppData\Roaming\Babylon
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Conduit
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\ConduitCommon
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\CT2438727
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\crossriderapp5060@crossrider.com
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\toolbar@ask.com
Folder Found : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\FCTB
Folder Found : C:\Users\trace\Desktop\bProtectorForWindows
Folder Found : C:\Users\trace\Documents\bProtectorForWindows
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\Windows\system32\bProtectorForWindows

***** [Registry] *****

Key Found : HKCU\Software\5e0d78fb76fe842
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Savings Sidekick
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Claro LTD
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Freeze.com
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\StartNow Toolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\5e0d78fb76fe842
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\Software\Claro LTD
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\claro.claroappCore
Key Found : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Key Found : HKLM\SOFTWARE\Classes\claro.clarodskBnd
Key Found : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1
Key Found : HKLM\SOFTWARE\Classes\claro.claroHlpr
Key Found : HKLM\SOFTWARE\Classes\claro.claroHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\Software\StartNow Toolbar
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StartNowToolbarHelper]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("extensions.claro.admin", false);
Found : user_pref("extensions.claro.aflt", "babsst");
Found : user_pref("extensions.claro.dfltLng", "en");
Found : user_pref("extensions.claro.excTlbr", false);
Found : user_pref("extensions.claro.id", "569f3c4300000000000000235402abfb");
Found : user_pref("extensions.claro.instlDay", "15562");
Found : user_pref("extensions.claro.instlRef", "sst");
Found : user_pref("extensions.claro.prdct", "claro");
Found : user_pref("extensions.claro.prtnrId", "claro");
Found : user_pref("extensions.claro.tlbrId", "claro");
Found : user_pref("extensions.claro.vrsn", "1.6.4.1");
Found : user_pref("extensions.claro.vrsni", "1.6.4.1");
Found : user_pref("extensions.claro_i.smplGrp", "none");
Found : user_pref("extensions.claro_i.vrsnTs", "1.6.4.112:17:01");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21842 octets] - [08/02/2013 20:22:00]

########## EOF - C:\AdwCleaner[R1].txt - [21903 octets] ##########

OTL LOGFILE:

OTL logfile created on: 2/8/2013 8:34:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\trace\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.55% Memory free
3.99 Gb Paging File | 2.16 Gb Available in Paging File | 54.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.03 Gb Total Space | 8.49 Gb Free Space | 6.15% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.46 Gb Free Space | 13.29% Space Free | Partition Type: NTFS
Drive G: | 983.72 Mb Total Space | 909.67 Mb Free Space | 92.47% Space Free | Partition Type: FAT
 
Computer Name: TRACE-PC | User Name: trace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/08 20:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\trace\Desktop\OTL.exe
PRC - [2013/02/08 20:06:32 | 000,582,209 | ---- | M] () -- C:\Users\trace\Desktop\AdwCleaner.exe
PRC - [2013/01/31 06:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
PRC - [2012/09/19 05:21:18 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/08/18 04:45:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/02 10:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 10:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/01/18 16:03:20 | 001,939,968 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Comcast\pcTrayApp.exe
PRC - [2012/01/18 16:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2011/06/28 17:17:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 19:43:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/04/30 13:56:04 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [2009/01/08 08:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008/09/12 11:45:48 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/09/04 21:14:24 | 000,226,576 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2008/01/20 21:22:50 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/20 21:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:21:57 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008/01/20 21:21:42 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/01/20 21:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/20 21:21:41 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/10/03 15:09:42 | 000,163,840 | ---- | M] () -- C:\app\trace\product\11.1.0\db_1\BIN\oravssw.exe
PRC - [2007/09/13 00:03:30 | 000,025,600 | ---- | M] (Oracle Corporation) -- C:\app\trace\product\11.1.0\db_1\BIN\nmesrvc.exe
PRC - [2007/09/13 00:03:26 | 000,006,656 | ---- | M] (Oracle Corporation) -- C:\app\trace\product\11.1.0\db_1\BIN\emagent.exe
PRC - [2007/09/07 14:23:24 | 000,471,040 | ---- | M] () -- C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR.EXE
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/28 18:58:00 | 000,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\app\trace\product\11.1.0\db_1\jdk\bin\java.exe
PRC - [2007/02/20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/11/03 14:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006/11/02 04:45:50 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\verclsid.exe
PRC - [2004/11/15 11:35:30 | 000,016,384 | ---- | M] () -- C:\app\trace\product\11.1.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
PRC - [2002/12/02 09:17:37 | 000,073,728 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
PRC - [2002/07/02 16:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTHELPER.EXE
PRC - [2001/11/08 19:19:16 | 000,053,248 | ---- | M] (Morgan Multimedia) -- C:\Program Files\Morgan\m3jpegV3\MMTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/08 20:06:32 | 000,582,209 | ---- | M] () -- C:\Users\trace\Desktop\AdwCleaner.exe
MOD - [2013/02/07 05:50:30 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/31 06:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
MOD - [2013/01/31 06:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/29 23:12:54 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/06/29 23:12:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/06/29 23:12:42 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/06/29 23:12:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/06/29 23:12:40 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/06/29 23:12:40 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/06/29 23:12:36 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/06/29 23:12:18 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/04/30 13:56:04 | 000,344,064 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
MOD - [2008/12/09 00:29:13 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2008/09/12 11:45:48 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/01/20 21:53:33 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\75438038f0d98e04583d0168d671981e\PresentationFramework.Aero.ni.dll
MOD - [2008/01/20 21:53:32 | 015,040,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7606ee23b2b3fd1d5d3d1c10011d3ecc\PresentationFramework.ni.dll
MOD - [2008/01/20 21:53:06 | 012,570,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\adcba7206e27f493c9f161339a668cd1\PresentationCore.ni.dll
MOD - [2008/01/20 21:53:06 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\c9b8f70286ecf69cbf8c0d09dbcbf69a\UIAutomationTypes.ni.dll
MOD - [2008/01/20 21:52:48 | 003,395,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fcdc39d38a36b04796da6d0e66c48c7c\WindowsBase.ni.dll
MOD - [2008/01/20 21:52:26 | 001,064,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3faf6c0dd4b29ada10b11269abb62653\System.Management.ni.dll
MOD - [2008/01/20 21:50:48 | 013,193,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45ee94a63c463b93e3ff694c6ecd0820\System.Windows.Forms.ni.dll
MOD - [2008/01/20 21:50:23 | 007,049,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\11afb76c8f51ad01fb460ab76e120f7c\System.Data.ni.dll
MOD - [2008/01/20 21:50:15 | 001,667,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a35f567c4c67d6b1ca9a0023852847a2\System.Drawing.ni.dll
MOD - [2008/01/20 21:50:00 | 000,815,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll
MOD - [2008/01/20 21:49:50 | 005,771,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\02cf61328d59df9b3ec09544f449a781\System.Xml.ni.dll
MOD - [2008/01/20 21:49:43 | 001,011,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15366cc16c2550064601b5167821667d\System.Configuration.ni.dll
MOD - [2008/01/20 21:49:41 | 008,265,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\267d4c344058092e6950c11594244f90\System.ni.dll
MOD - [2008/01/20 21:49:32 | 011,722,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5b3e3b0551bcaa722c27dbb089c431e4\mscorlib.ni.dll
MOD - [2008/01/20 21:22:49 | 003,036,160 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/09/20 21:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/02/07 21:51:54 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/07 05:50:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 06:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/02 10:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/18 16:01:52 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/06/28 17:17:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 19:43:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:42:52 | 089,702,400 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE -- (OracleServiceORCL)
SRV - [2007/10/03 15:09:42 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe -- (OracleVssWriterORCL)
SRV - [2007/10/03 14:45:46 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\app\trace\product\11.1.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)
SRV - [2007/09/13 00:03:30 | 000,025,600 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\app\trace\product\11.1.0\db_1\BIN\nmesrvc.exe -- (OracleDBConsoleorcl)
SRV - [2007/09/07 14:23:24 | 000,471,040 | ---- | M] () [Auto | Running] -- C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb11g_home1TNSListener)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\ctsfm2k.sysServices\ctsfm2k -- (ctsfm2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\trace\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (ASPI32)
DRV - [2012/01/18 16:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 16:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/28 17:17:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 17:17:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/01 20:58:43 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/09 17:49:02 | 000,444,800 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2008/06/06 14:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 14:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 14:20:54 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/05/22 09:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/21 06:44:10 | 001,049,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/02/12 10:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 10:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 10:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/21 04:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/12/05 14:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 17:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2002/11/28 09:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 05:43:49 | 000,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/07/24 12:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HA10KX2K.SYS -- (ha10kx2k)
DRV - [2002/07/19 09:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2002/07/19 09:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/07/19 09:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2002/07/19 09:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUD2K.SYS -- (ctaud2k)
DRV - [2002/07/19 09:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAC32K.SYS -- (ctac32k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfstart_eg_self_main
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = ComcastSearch
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.com/
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.xfinity.com/?cid=xfstart_eg_self_main
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes,bProtectorDefaultScope =
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=111917&tt=090812_clr_3212_1&babsrc=SP_ss&mntrId=569f3c4300000000000000235402abfb
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000030&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111013&iesrc={referrer:source}
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\ComcastSearch: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\trace\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\trace\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\trace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\trace\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/24 11:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/24 11:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/18 04:47:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 05:50:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/11 03:16:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/17 06:46:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 05:50:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/11 03:16:51 | 000,000,000 | ---D | M]
 
[2010/10/02 12:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trace\AppData\Roaming\Mozilla\Extensions
[2010/10/02 12:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trace\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2013/02/08 14:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions
[2012/12/11 04:09:29 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/10/15 13:39:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/08 14:32:08 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/11/19 12:03:28 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\crossriderapp5060@crossrider.com
[2009/06/05 22:09:16 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\moveplayer@movenetworks.com
[2011/04/04 05:39:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\nostmp
[2011/10/12 22:02:23 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\plugin@yontoo.com
[2010/05/04 16:19:36 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\searchrecs@veoh.com
[2009/12/26 02:16:57 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\toolbar@ask.com
[2012/11/19 12:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\crossriderapp5060@crossrider.com\chrome\content\extensionCode
[2013/01/04 22:18:24 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/01/25 14:44:59 | 000,002,306 | ---- | M] () -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\askcomsearch.xml
[2011/10/12 22:01:42 | 000,001,945 | ---- | M] () -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\bing-zugo.xml
[2012/08/10 11:16:56 | 000,006,531 | ---- | M] () -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\bProtect.xml
[2013/01/25 14:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/15 00:40:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/08 16:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/05 02:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/07 05:50:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/18 04:46:06 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/10 11:16:56 | 000,006,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/29 23:40:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/06 13:45:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/08/10 11:16:56 | 000,006,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bProtect.xml
[2012/10/14 16:22:40 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.claro-search.com/?affID=111917&tt=090812_clr_3212_1&babsrc=HP_ss&mntrId=569f3c4300000000000000235402abfb
CHR - Extension: No name found = C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlklhlmekdhcfmndodpbjmgpepoeiiaf\3.0.2_0\
CHR - Extension: No name found = C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: No name found = C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O2 - BHO: (NJStarBHO Class) - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files\NJStar Communicator\NJStarBHO32.dll (NJStar Software Corp.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O3 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DevconDefaultDB] C:\Windows\READREG.exe (Creative Technology Limited)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MMTray] C:\Program Files\Morgan\m3jpegV3\MMTray.exe (Morgan Multimedia)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WINDVDPatch] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [googletalk] C:\Users\trace\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [Octoshape Streaming Services] C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [SetDefaultMIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [Windows Time] rundll32.exe  File not found
O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk = C:\Program Files\Socialbox\Socialbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C517DEB-59CF-4806-A1BA-A71265252F3D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2b38ce0-f729-11de-9991-00235402abfb}\Shell - "" = AutoRun
O33 - MountPoints2\{c2b38ce0-f729-11de-9991-00235402abfb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c2b38ce2-f729-11de-9991-00235402abfb}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\CueBuD.ExE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: rootrepeal.sys - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {23036C23-ECDE-47F5-A908-BEC94EE0456F} - Security Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB2251481)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {355AD171-6294-4265-95EC-741E081E98F3} - Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} - Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB932232)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dmb1 - C:\Windows\System32\m3jpeg32.dll (Morgan Multimedia)
Drivers32: vidc.dvsd - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.MJPG - C:\Windows\System32\m3jpeg32.dll (Morgan Multimedia)
Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/08 20:19:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\trace\Desktop\OTL.exe
[2013/02/08 20:19:32 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\trace\Desktop\aswMBR.exe
[2013/01/29 03:44:50 | 000,000,000 | ---D | C] -- C:\4f9ec24fd52facd772673d5f6d982f1b
[2013/01/25 17:34:40 | 000,000,000 | ---D | C] -- C:\02178a91cfa18893ae7b8d
[2013/01/25 14:55:12 | 000,000,000 | ---D | C] -- C:\Users\trace\AppData\Local\join.me
[2013/01/25 14:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/01/25 14:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/22 01:37:53 | 000,000,000 | ---D | C] -- C:\935521260fc29050f4608b16
[2013/01/18 18:28:06 | 000,000,000 | ---D | C] -- C:\ece0d26fb629e074d5ade44204
[2013/01/15 10:17:22 | 000,000,000 | ---D | C] -- C:\9fd02e85e69bbc6e18546274f3b08ac3
[2013/01/15 01:26:12 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/01/15 01:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2013/01/15 01:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle - OraDb11g_home1
[2013/01/15 00:47:06 | 000,000,000 | ---D | C] -- C:\app
[2013/01/15 00:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013/01/11 13:00:05 | 000,000,000 | ---D | C] -- C:\5af066e0d50a31cf82d8e6
[2013/01/10 03:02:57 | 000,000,000 | ---D | C] -- C:\817c56463a83b7f0d795
[2 C:\Users\trace\Desktop\*.tmp files -> C:\Users\trace\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\trace\Documents\*.tmp files -> C:\Users\trace\Documents\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/08 20:27:46 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/08 20:15:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\trace\Desktop\aswMBR.exe
[2013/02/08 20:10:30 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA.job
[2013/02/08 20:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\trace\Desktop\OTL.exe
[2013/02/08 20:06:32 | 000,582,209 | ---- | M] () -- C:\Users\trace\Desktop\AdwCleaner.exe
[2013/02/08 19:51:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/08 19:46:21 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for trace.job
[2013/02/08 19:46:13 | 000,006,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 19:46:13 | 000,006,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 19:45:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/07 06:27:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/06 20:38:29 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFortrace.job
[2013/02/06 20:19:00 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2013/02/05 12:08:45 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/02/05 11:10:18 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core.job
[2013/02/05 10:53:13 | 000,619,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/05 10:53:13 | 000,108,826 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/02 22:09:01 | 000,000,689 | ---- | M] () -- C:\Windows\m3jpeg.ini
[2013/02/02 22:09:00 | 000,112,128 | ---- | M] () -- C:\Users\trace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/02 22:08:25 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/01/25 14:55:13 | 000,000,901 | ---- | M] () -- C:\Users\trace\Desktop\join.me.lnk
[2013/01/22 03:04:37 | 000,004,482 | ---- | M] () -- C:\Users\trace\AppData\Roaming\wklnhst.dat
[2013/01/15 00:39:07 | 000,000,760 | ---- | M] () -- C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
[2013/01/15 00:35:15 | 000,001,957 | ---- | M] () -- C:\Users\trace\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/10 12:29:34 | 001,085,958 | ---- | M] () -- C:\Users\trace\Documents\Consent for release of information.pdf
[2013/01/10 12:29:02 | 000,227,666 | ---- | M] () -- C:\Users\trace\Documents\Copy of State of Ga, Application for Employment.pdf
[2 C:\Users\trace\Desktop\*.tmp files -> C:\Users\trace\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\trace\Documents\*.tmp files -> C:\Users\trace\Documents\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/08 20:19:25 | 000,582,209 | ---- | C] () -- C:\Users\trace\Desktop\AdwCleaner.exe
[2013/01/25 14:55:14 | 000,000,901 | ---- | C] () -- C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
[2013/01/25 14:55:13 | 000,000,901 | ---- | C] () -- C:\Users\trace\Desktop\join.me.lnk
[2013/01/10 12:29:28 | 001,085,958 | ---- | C] () -- C:\Users\trace\Documents\Consent for release of information.pdf
[2013/01/10 12:28:56 | 000,227,666 | ---- | C] () -- C:\Users\trace\Documents\Copy of State of Ga, Application for Employment.pdf
[2012/08/11 04:27:06 | 000,000,030 | ---- | C] () -- C:\ProgramData\ftstate.ini
[2011/10/15 22:18:59 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll
[2011/07/17 11:59:29 | 000,034,928 | ---- | C] () -- C:\Users\trace\jan2012FAFSA.htm
[2011/07/12 20:20:13 | 000,036,043 | ---- | C] () -- C:\Users\trace\Confirmation - FAFSA on the Web - Federal Student Aid.htm
[2011/06/15 00:58:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/08 13:31:57 | 000,017,977 | ---- | C] () -- C:\Users\trace\Modestneeds.htm
[2010/08/30 12:14:25 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/05/09 14:37:30 | 511,049,589 | ---- | C] () -- C:\Users\trace\HD test SRW@.wmv
[2009/11/20 12:50:26 | 000,001,356 | ---- | C] () -- C:\Users\trace\AppData\Local\d3d9caps.dat
[2009/08/26 20:51:33 | 000,012,152 | ---- | C] () -- C:\Users\trace\SRWJ Scenario 40 p1.veg
[2009/01/09 22:12:20 | 000,005,098 | ---- | C] () -- C:\ProgramData\nmpmeswb.lkq
[2008/12/21 19:17:46 | 000,000,724 | ---- | C] () -- C:\Users\trace\mixxxtrack.xml
[2008/12/21 19:14:20 | 000,000,828 | ---- | C] () -- C:\Users\trace\mixxx.cfg
[2008/12/12 23:18:43 | 000,112,128 | ---- | C] () -- C:\Users\trace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 04:12:21 | 000,000,004 | ---- | C] () -- C:\Users\trace\AppData\Roaming\829D1C
[2008/12/01 04:12:20 | 000,870,128 | ---- | C] () -- C:\Users\trace\AppData\Roaming\mcs.rma
[2008/12/01 03:23:24 | 000,004,482 | ---- | C] () -- C:\Users\trace\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/07/09 03:57:44 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/20 21:22:34 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:22:10 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/08/09 11:19:58 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\.BitTornado
[2012/08/10 11:16:42 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Babylon
[2013/01/08 21:01:46 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\BitTorrent
[2011/08/10 20:01:18 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\com.doubleperfect.ggpo
[2010/09/11 21:13:07 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2011/07/09 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\com.socialbox.socialbox
[2009/05/13 16:57:07 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\DAEMON Tools Lite
[2011/10/12 22:04:29 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\dream-avi-to-mpg-converter
[2011/01/09 13:24:26 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\FrostWire
[2010/06/06 10:33:22 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\GetRightToGo
[2010/03/15 23:17:18 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\ImgBurn
[2009/10/03 18:18:49 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\IrfanView
[2011/01/24 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Local
[2010/11/22 07:33:32 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Moyea
[2011/11/25 15:06:38 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\NJStar
[2010/11/06 18:26:18 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Octoshape
[2010/09/28 22:04:03 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\ooVoo Details
[2009/08/23 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Publish Providers
[2011/04/17 18:08:49 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Registry Mechanic
[2009/07/22 20:43:40 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Sony
[2012/12/11 04:09:11 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\StartNow Toolbar
[2008/12/09 00:39:48 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Template
[2011/01/14 12:41:05 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\Unity
[2008/12/21 19:12:59 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\WeatherBug
[2011/08/14 12:02:03 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\WildTangent
[2009/03/01 11:04:36 | 000,000,000 | ---D | M] -- C:\Users\trace\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< "%WinDir%\$NtUninstallKB*$." /30 >
 
< C:\Program Files\Common Files\ComObjects\*.* /s >
[2006/11/02 08:00:25 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 08:00:25 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008/11/30 06:47:25 | 000,000,322 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleFortrace.job
[2008/12/21 19:12:45 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PCConfidential.job
[2009/06/30 20:07:20 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/06/30 20:07:21 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/12/27 09:21:08 | 000,000,820 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2011/01/14 14:13:16 | 000,000,410 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for trace.job
[2012/06/06 17:55:05 | 000,000,856 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core.job
[2012/06/06 17:55:07 | 000,000,908 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA.job
[2012/10/11 18:12:46 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\*. /rp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/12/09 00:09:46 | 019,472,384 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/12/09 00:09:30 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/12/09 00:09:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/12/09 00:09:57 | 019,050,496 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/12/09 00:09:59 | 006,766,592 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: AFD.SYS  >
[2011/04/21 08:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 08:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 08:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 08:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 21:22:25 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2011/04/21 08:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
 
< MD5 for: ATAPI.SYS  >
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:21:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: EXPLORER.EXE  >
[2008/01/20 21:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\ERDNT\cache\explorer.exe
[2008/01/20 21:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008/01/20 21:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: NETBT.SYS  >
[2008/01/20 21:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\System32\drivers\netbt.sys
[2008/01/20 21:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
 
< MD5 for: SERVICES.EXE  >
[2008/01/20 21:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\ERDNT\cache\services.exe
[2008/01/20 21:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/20 21:22:56 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2008/01/20 21:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 21:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
 
< MD5 for: TDX.SYS  >
[2008/01/20 21:23:00 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\System32\drivers\tdx.sys
[2008/01/20 21:23:00 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
 
< MD5 for: VOLSNAP.SYS  >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2008/01/20 21:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/20 21:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 21:21:29 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
 
< MD5 for: WININIT.EXE  >
[2008/01/20 21:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/01/20 21:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 21:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/02/07 05:50:27 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/02/07 05:50:27 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/02/07 05:50:27 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/02/07 05:50:31 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/02/07 05:50:31 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/02/07 05:50:31 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 21:22:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 21:22:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 21:22:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/01/20 21:21:57 | 000,625,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/02/07 05:50:27 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/02/07 05:50:27 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/02/07 05:50:27 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/02/07 05:50:31 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/02/07 05:50:31 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/02/07 05:50:31 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/20 21:22:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/20 21:22:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/20 21:22:25 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2008/01/20 21:21:57 | 000,625,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
 
< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2008/01/20 21:21:59 | 000,049,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:3217BE925D9A75CE
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

EXTRAS LOGFILE

OTL Extras logfile created on: 2/8/2013 8:34:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\trace\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.55% Memory free
3.99 Gb Paging File | 2.16 Gb Available in Paging File | 54.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.03 Gb Total Space | 8.49 Gb Free Space | 6.15% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.46 Gb Free Space | 13.29% Space Free | Partition Type: NTFS
Drive G: | 983.72 Mb Total Space | 909.67 Mb Free Space | 92.47% Space Free | Partition Type: FAT
 
Computer Name: TRACE-PC | User Name: trace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-889684394-3566908023-1206495480-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124261D4-29B7-464C-A05E-E7443A5FF494}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{2BD4F8B5-81D3-439A-A741-322DAEBB5C8A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2DB91074-F361-4449-8560-F24574D59072}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2DFD55C4-77C2-4951-8F66-F17E650A3759}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{37FD8163-2867-4762-87DF-918DC7CE6C28}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3BABFA43-ADF3-44A2-9D1B-FE64E317313F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4035E2D4-4154-4A0E-ADC0-8B39A8877EC4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46BFA10B-58EA-4081-92FD-FA99BCB46F87}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{4C5F2463-B5AB-4530-A4D5-27C1D1AC5411}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5C3610A9-B754-4E79-A9A7-6AC67F9F78E5}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{5F5CFB01-88CD-439E-AED1-8B793B435DE0}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{62B327D2-66BB-4075-8B06-45F0F11D541A}" = lport=3389 | protocol=6 | dir=in | app=system |
"{839CB19D-E012-4F0B-A917-5F33E845D9ED}" = lport=6001 | protocol=17 | dir=in | name=ggpo port 6001 |
"{991D2A5E-931F-4D73-9DBB-F0F43A02E92C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CCA809C-AEC0-4792-8BB4-4E891C9AF9BA}" = lport=6000 | protocol=17 | dir=in | name=ggpo port 6000 |
"{B1696CEC-4480-40EF-9DCB-B9D28CEE93F6}" = lport=7000 | protocol=6 | dir=in | name=ggpo |
"{B510F96C-A3D7-4AF3-9C31-64C498DFCB9D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C47CCC96-9911-44D9-ABCD-0108CABF115A}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{D1163D7C-D13F-46F0-8BC1-85E24B2352AD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DC5643A6-4269-438D-A821-5EC57A86BE26}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E9C0381F-903D-43A1-8E8C-8DE870A3D464}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EA43E235-CEA5-43AE-9D5A-888E7E81B8F2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0514C441-D8FC-44D0-8BF1-21A665371741}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{064049B7-57D0-4F56-A3FA-350B91E46722}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0AF4BB14-3F74-4557-9A06-ABE037ED9CC2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{11B23C56-BC52-4835-94EF-6421911B08D0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1D74BEEF-174B-40D8-BEC4-276D903797EA}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{217510A0-9BBA-4652-B067-777405908602}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{227EE4BA-8ACA-450E-B8FC-7A7404467650}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27EF547B-DF90-4C8D-9254-5228477CE7A1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{2859D22B-21DA-46E7-A106-C6D8D893D73A}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{36FD300D-8842-4183-B32F-C2CAA51067F4}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe |
"{42C797D3-3795-475C-86F9-BEB072F81FFB}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{45D2E318-43D3-4615-80EF-1872DDDE7933}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{48C78B3F-DEC7-4278-86EB-221F1C6F04EB}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe |
"{496653B9-258B-42F0-8C45-8AD4EA82C014}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DA76C3F-4A6E-4DAC-9E48-AA9568BBF914}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4F4DF4A9-655C-41B4-8AD7-7F481C1D9349}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{51497357-EEC8-4176-B664-E2B274383733}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{5B47E5D5-60F0-4BBF-A65D-D8714ADB3F1E}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{5C186094-2F57-41B8-8121-F9F689961746}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{685654EB-B76A-46CC-8F1E-81C1B95EBADA}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{69DC0FB6-442A-422E-87CC-013E733198C0}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{86812AC9-4A9D-43CA-9767-E6505FF3F438}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{88788A5C-7DC6-411B-9830-9941D0F34A17}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{8AC092D9-500A-4C24-A153-6674AED8D637}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{8BD13922-E1ED-4C1A-87A4-146C122C32E4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8CCE9ED9-35A1-444D-AC96-34C5442F4BB6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{94CD3B85-31B2-4D57-86B9-729D7A47F9EB}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A4E98116-5B7E-4DD8-A71C-74917D1EE578}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{AE1484D4-5DB5-4048-B25C-E1EC97EC9679}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B03A4EF8-32A4-4C2E-9858-31A6BBE79EF8}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{B4BDA94C-CCA3-4B35-B5D0-FF4A659E32EF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B68D143F-52E8-4A85-A782-94F96BDC8976}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B6F089EC-8015-461D-9C7C-416EE98349C9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C36BD9F0-CDF7-4E56-ACD4-62C262FE8D23}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{C6A5F21F-A550-47C5-B816-298BDB70F479}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{CB143011-03BB-4B65-9027-1BC91D0C4044}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{CCCEDD62-1B46-4CDF-88B0-F03EAA37C295}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D1C64B5E-CF74-4F75-907C-5DE9E520F4BE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DB2E4FE9-0C14-4367-9B24-AC47A2D29EF2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEBB4B32-F3B8-4AF9-9BA8-E7FF4DC0A21B}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E0281DC1-666C-41F1-9E78-8E60F5673DAE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E05F0991-5AC8-45EE-A568-7FBE495C232E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E793849E-EED8-4F49-8B0B-D90FF8001041}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F478F6FD-E3BF-4248-B734-4BBC42A1881D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F5BF774C-F33E-4B52-AC0C-2FB5FDC56FC2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F9D6979F-5051-457D-93C1-AA2223195A25}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FB82009E-EAB7-4E56-8C8A-D45E1E8FA8E0}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{FBD3604A-EE65-4377-BEDA-6F6291D7A2BC}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"TCP Query User{016390FB-8990-40F0-9C3B-1B53E876DC9C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{0B105221-E7B9-4A80-97CD-15D9760CEC09}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{1330CC6B-663B-4ED7-AB12-AC6A8A0A94FE}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{2903E363-ABAD-4E91-8BEC-C604FC259D43}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{36D1D917-F45D-493A-86F4-26C17E5DABBE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{402CFD50-12E4-4362-AA58-A8070470C16B}C:\program files\ggpo\ggpo.exe" = protocol=6 | dir=in | app=c:\program files\ggpo\ggpo.exe |
"TCP Query User{4CC617A0-C5DF-458B-B53A-F030FA52D151}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{7C1CD3E0-1805-406A-9831-342D3208F0D9}C:\app\trace\product\11.1.0\db_1\jdk\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\app\trace\product\11.1.0\db_1\jdk\jre\bin\java.exe |
"TCP Query User{7CCD0905-AB55-4E22-B52C-FCBD9478445B}C:\users\trace\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\trace\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{8FEA5095-78E6-4BFA-B9FC-F36678536A9F}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{AB98F9DF-8455-437A-8D9A-FC60F1F7FFDD}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{ABC9F38E-5215-49C8-A7F0-9D316CA5DA35}C:\users\trace\desktop\ggpo-build-030\ggpo.exe" = protocol=6 | dir=in | app=c:\users\trace\desktop\ggpo-build-030\ggpo.exe |
"TCP Query User{B8DA4C92-302C-4B9D-8843-D9963472E7B0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{C2357B56-97D3-4663-88A8-209D27F9B36A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D23A726D-FB90-4A81-90EC-7CA59E91AFAB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DD66122A-3E7C-42ED-A42F-966DEC6AC903}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E391B19B-16BE-4D38-807D-D01961B8322E}C:\users\trace\appdata\local\temp\orainstall2013-01-15_12-42-58am\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\trace\appdata\local\temp\orainstall2013-01-15_12-42-58am\jdk\jre\bin\javaw.exe |
"TCP Query User{FB5313CC-630C-4EA4-9A60-2F63C6002125}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{1530F4C1-E559-4D19-83CB-F42EEB293B7C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1565A762-6934-40A0-83EE-A4D33DC55201}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{32FDBCC3-BE7D-484D-94B6-925174632354}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{3D121ED0-1FF9-4533-9353-A9E618DE55A0}C:\app\trace\product\11.1.0\db_1\jdk\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\app\trace\product\11.1.0\db_1\jdk\jre\bin\java.exe |
"UDP Query User{3D5CA519-76CF-4A0B-8F29-F883F3516710}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{43BDAA50-B5DB-4A24-AA5E-670AB57A1A66}C:\users\trace\appdata\local\temp\orainstall2013-01-15_12-42-58am\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\trace\appdata\local\temp\orainstall2013-01-15_12-42-58am\jdk\jre\bin\javaw.exe |
"UDP Query User{53B53F29-9966-4E51-902E-7B82D0B46FB5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{5437DDF4-DAD1-4485-8EE2-43EDFBC7AC29}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{55CD8736-112C-453B-B868-C4B5F8465F1A}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{837CA396-7089-4435-8E9B-8E0D8DBD0AF1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8C98E2D3-532C-4E1F-9E3D-D38518D80495}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{8CCBFEB6-BCA0-43D5-8A23-A157FEFF05F7}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{937A851F-7264-4655-BDFA-023CF8FA13B4}C:\program files\ggpo\ggpo.exe" = protocol=17 | dir=in | app=c:\program files\ggpo\ggpo.exe |
"UDP Query User{B60BB8D3-BC81-47E6-A0DE-2EBF547C4007}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{BD46EE43-A37F-4F40-B530-125605B1A94E}C:\users\trace\desktop\ggpo-build-030\ggpo.exe" = protocol=17 | dir=in | app=c:\users\trace\desktop\ggpo-build-030\ggpo.exe |
"UDP Query User{C9A7ED8F-061E-466F-877C-0EC2D866BA1D}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{E5CDFAED-4B39-4F49-9896-4DCB619A5D31}C:\users\trace\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\trace\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{F942557A-EDCD-4FF0-8E3E-6D9F391F89A8}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Veoh Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}" = WeatherBug
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D38959D-2B4D-8AB0-FD1B-27C324E78DB0}" = RichFLV
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD37EE3-50A7-45DB-97B9-1C8B900E9E8B}" = Movavi Video Converter 7
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3A4B5A9-C9CA-7C40-F58A-9BC514BAC3BA}" = Socialbox
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D952C4F9-2488-3723-84BE-1BFA907DCAC9}" = Google Talk Plugin
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aleks 3.12" = Aleks 3.12
"Alive Video Joiner_is1" = Alive Video Joiner (version 1.1.0.9)
"avast!" = avast! Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"claro" = Claro LTD toolbar  on IE
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
"com.socialbox.socialbox" = Socialbox
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Comcast" = Easy Solve
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Comical_is1" = Comical 0.8
"de.benz.RichFLV.A73E9F89A0F07611DDC8DCF9F06D33E089C383B6.1" = RichFLV
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDx_is1" = DVDx
"Easy Graphic Converter 1.2_is1" = Easy Graphic Converter 1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FairUse Wizard 2" = FairUse Wizard 2
"FLV Knife_is1" = FLV Knife 0.0.0003
"Giraffic" = Veoh Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"ImgBurn" = ImgBurn
"InFlac" = InFlac 1.1.1
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"m3jpegV3" = Morgan M-JPEG codec V3
"Matroska Pack" = Matroska Pack
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Mixxx" = NSIS Mixxx
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nightwing's Diamond/Pearl Stat Calculator" = Nightwing's Diamond/Pearl Stat Calculator
"NJStar Communicator" = NJStar Communicator
"NSS" = Norton Security Scan
"PakkISO_is1" = PakkISO 0.4
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"RealPlayer 15.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Rhapsody" = Rhapsody
"Savings Sidekick" = Savings Sidekick
"sp44626" = sp44626
"StartNow Toolbar" = StartNow Toolbar
"Super DVD Creator_is1" = Super DVD Creator 9.25.0
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 0.9.2
"VueScan" = VueScan
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.2.0)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"JoinMe" = join.me
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 12/4/2009 2:07:20 AM | Computer Name = trace-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://www.pikupze.net/kewhvkeqretroanpaoq/ failed, 00000005.  
 
Error - 12/9/2009 2:28:54 AM | Computer Name = trace-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://tag.admeld.com/ad/js/157/digg/300x250/diggb3_btf_games?01AD=3fKk9E_1QQUYww-gIT1Ra6HZQ8RkRbcPLbgMt61yedVgd3HCgm-6veA&01RI=6794F20CB6B57D0&01NA=na&t=1260340120675&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fdigg.com%2Fad%2Flwrrail
 failed, 00000005.  
 
Error - 1/11/2010 3:59:15 AM | Computer Name = trace-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://www.gothoes.com/0753-1393/kapri-styles-and-sydnee-capri-enjoy-the-same-cock.html
 failed, 00000005.  
 
Error - 1/20/2010 11:17:16 PM | Computer Name = trace-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://mp3forumu.net/buyuk-seytan-ucgeni/ failed, 00000005.  
 
Error - 1/22/2010 12:14:27 AM | Computer Name = trace-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://affiliate.collegesurfing.com/js/liveperson_collegebound.js failed, 00000005.
 
 
Error - 9/29/2012 8:33:13 PM | Computer Name = trace-PC | Source = avast! | ID = 33554522
Description = ASWSIMPLE Application error. Error details: INVALID LICENSE NUMBER.
 
 
[ Application Events ]
Error - 2/8/2013 3:19:23 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4321
 
Error - 2/8/2013 3:19:24 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/8/2013 3:19:24 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5335
 
Error - 2/8/2013 3:19:24 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5335
 
Error - 2/8/2013 5:35:28 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/8/2013 5:35:28 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 2/8/2013 5:35:28 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 2/8/2013 5:35:29 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/8/2013 5:35:29 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4321
 
Error - 2/8/2013 5:35:29 PM | Computer Name = trace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4321
 
[ Media Center Events ]
Error - 5/20/2012 6:48:26 PM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/20/2012 8:43:26 PM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/20/2012 10:10:37 PM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/21/2012 8:06:02 AM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/22/2012 8:42:39 AM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/22/2012 8:20:31 PM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/22/2012 10:01:24 PM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 5/23/2012 6:15:49 AM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 6/7/2012 8:27:35 AM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 8/17/2012 8:55:49 AM | Computer Name = trace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ OSession Events ]
Error - 3/6/2010 11:44:08 AM | Computer Name = trace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2/14/2011 10:27:30 AM | Computer Name = trace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 241124
 seconds with 4680 seconds of active time.  This session ended with a crash.
 
Error - 3/27/2012 12:58:49 AM | Computer Name = trace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11/26/2012 5:22:50 PM | Computer Name = trace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2/6/2013 9:50:59 PM | Computer Name = trace-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 2/6/2013 9:50:59 PM | Computer Name = trace-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 2/6/2013 9:50:59 PM | Computer Name = trace-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 2/6/2013 9:51:22 PM | Computer Name = trace-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 2/6/2013 9:51:38 PM | Computer Name = trace-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 2/7/2013 6:49:43 AM | Computer Name = trace-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
 address 00235402ABFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 2/7/2013 10:47:06 PM | Computer Name = trace-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
 address 00235402ABFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 2/8/2013 1:44:06 PM | Computer Name = trace-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
 address 00235402ABFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 2/8/2013 3:25:24 PM | Computer Name = trace-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.6 for the Network Card with network
 address 00235402ABFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 2/8/2013 8:45:49 PM | Computer Name = trace-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.7 for the Network Card with network
 address 00235402ABFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
 
< End of report >
 

 

aswMBR LOGFILE

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-08 21:14:50
-----------------------------
21:14:50.901    OS Version: Windows 6.0.6001 Service Pack 1
21:14:50.902    Number of processors: 2 586 0x6B02
21:14:50.905    ComputerName: TRACE-PC  UserName: trace
21:14:53.235    Initialize success
21:16:18.643    AVAST engine defs: 13020801
21:17:32.011    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
21:17:32.018    Disk 0 Vendor: Hitachi_ GMBO Size: 152627MB BusType: 3
21:17:32.052    Disk 0 MBR read successfully
21:17:32.058    Disk 0 MBR scan
21:17:32.111    Disk 0 Windows VISTA default MBR code
21:17:32.118    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       141345 MB offset 63
21:17:33.493    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11280 MB offset 289475235
21:17:33.504    Disk 0 scanning sectors +312576705
21:17:33.582    Disk 0 scanning C:\Windows\system32\drivers
21:17:57.253    Service scanning
21:19:01.351    Modules scanning
21:19:40.516    Disk 0 trace - called modules:
21:19:40.552    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:19:40.916    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8593aac8]
21:19:40.929    3 CLASSPNP.SYS[87cbf745] -> nt!IofCallDriver -> [0x83ffe700]
21:19:40.956    5 acpi.sys[829e16a0] -> nt!IofCallDriver -> \Device\00000060[0x84d97c90]
21:19:41.757    AVAST engine scan C:\Windows
21:19:59.897    AVAST engine scan C:\Windows\system32
21:25:03.609    AVAST engine scan C:\Windows\system32\drivers
21:25:25.465    AVAST engine scan C:\Users\trace
21:40:31.142    AVAST engine scan C:\ProgramData
21:46:32.990    Scan finished successfully
21:59:48.812    Disk 0 MBR has been saved successfully to "G:\MBR.dat"
21:59:48.995    The log file has been saved successfully to "G:\aswMBR.txt"

#4 SweetTech

Posted 09 February 2013 - 03:38 PM

Hi KingLit!

No worries at all!

Comp is still acting up.

Well, let's take a look and see what we can do about improving that.

What Anti-Virus program do you plan on keeping? I see a couple different ones installed on your computer.

It looks like you have quite a bit of adware installed on your computer.

Let's run adwCleaner again to remove some of that.

Download adwCleaner
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option Run as administrator.
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the contents of this file into your next reply.

NEXT:

    OTL Fix

    We need to run an OTL Fix

    Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    PRC - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
    SRV - [2012/06/22 08:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
    IE - HKLM\..\SearchScopes\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=111917&tt=090812_clr_3212_1&babsrc=SP_ss&mntrId=569f3c4300000000000000235402abfb
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=111917&tt=090812_clr_3212_1&babsrc=SP_ss&mntrId=569f3c4300000000000000235402abfb
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000030&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111013&iesrc={referrer:source}
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\SearchScopes\ComcastSearch: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    [2012/12/11 04:09:29 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2013/02/08 14:32:08 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2012/11/19 12:03:28 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\crossriderapp5060@crossrider.com
    [2011/10/12 22:02:23 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\plugin@yontoo.com
    [2012/08/10 11:16:56 | 000,006,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
    O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll (215 Apps)
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll File not found
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
    O3 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
    O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
    O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-889684394-3566908023-1206495480-1000..\Run: [Windows Time] rundll32.exe  File not found
    O33 - MountPoints2\{c2b38ce0-f729-11de-9991-00235402abfb}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2b38ce0-f729-11de-9991-00235402abfb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{c2b38ce2-f729-11de-9991-00235402abfb}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\CueBuD.ExE
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • NEXT:



    Please be sure to provide me with the requested log files above, as well as an update on how things are with your computer.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Kinglit

  • Topic Starter

Posted 10 February 2013 - 05:51 PM

Okay, OTL froze, and now I'm getting this "Logon process has failed to created the security options dialog - Failure -Security Options" error.

EDIT: I'll try it in Safe Mode (Networking Support) and see if it works there.

EDIT 2: It worked in Safe Mode, but when I tried to load in Normal mode again, it started off (and still IS) super sluggish.

EDIT 3:

ADWCLEANER LOGFILE 2


# AdwCleaner v2.111 - Logfile created 02/09/2013 at 18:15:21
# Updated 05/02/2013 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 1 (32 bits)
# User : trace - TRACE-PC
# Boot Mode : Normal
# Running from : C:\Users\trace\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : bProtector
Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\bProtectorForWindows
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\bprotector_extensions.sqlite
File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\bprotector_prefs.js
File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\askcomsearch.xml
File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\searchplugins\bProtect.xml
File Deleted : C:\Users\trace\Desktop\Free Animated Desktop Wallpaper.lnk
File Deleted : C:\Users\trace\Desktop\Free Dolphin Screensaver.lnk
File Deleted : C:\Users\trace\Desktop\searchplugins\bProtect.xml
File Deleted : C:\Users\trace\Documents\searchplugins\bProtect.xml
File Deleted : C:\Windows\system32\searchplugins\bProtect.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Claro LTD
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Savings Sidekick
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\trace\AppData\Local\OpenCandy
Folder Deleted : C:\Users\trace\AppData\Local\Savings Sidekick
Folder Deleted : C:\Users\trace\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\trace\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\trace\AppData\Roaming\Babylon
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\Conduit
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\ConduitCommon
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\CT2438727
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\crossriderapp5060@crossrider.com
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\FCTB
Folder Deleted : C:\Users\trace\Desktop\bProtectorForWindows
Folder Deleted : C:\Users\trace\Documents\bProtectorForWindows
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Windows\system32\bProtectorForWindows

***** [Registry] *****

Key Deleted : HKCU\Software\5e0d78fb76fe842
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Sidekick
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\5e0d78fb76fe842
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033503360}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507760}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504460}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StartNowToolbarHelper]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\prefs.js

C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "569f3c4300000000000000235402abfb");
Deleted : user_pref("extensions.claro.instlDay", "15562");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.tlbrId", "claro");
Deleted : user_pref("extensions.claro.vrsn", "1.6.4.1");
Deleted : user_pref("extensions.claro.vrsni", "1.6.4.1");
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.6.4.112:17:01");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\trace\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [21973 octets] - [08/02/2013 20:22:00]
AdwCleaner[S1].txt - [22044 octets] - [09/02/2013 18:15:21]

########## EOF - C:\AdwCleaner[S1].txt - [22105 octets] ##########
 

 

OTL LOGFILE 2

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
No active process named ToolbarUpdaterService.exe was found!
Error: No service named Updater Service for StartNow Toolbar was found to stop!
Service\Driver key Updater Service for StartNow Toolbar not found.
File C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{105E99FF-8B9A-4492-B155-06194B9056D2}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ECD9BFB-55E9-42E0-A875-21F5822773FC}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63140ECF-C629-BE59-8F0E-90B4FF340C03}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Folder C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ not found.
Folder C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Folder C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\crossriderapp5060@crossrider.com\ not found.
Folder C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\plugin@yontoo.com\ not found.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}\ not found.
File C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011501160}\ not found.
File C:\Program Files\Savings Sidekick\Savings Sidekick.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ not found.
File C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ not found.
File C:\Program Files\StartNow Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}\ not found.
File C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ not found.
Registry value HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper not found.
Registry value HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 not found.
Registry value HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments not found.
Registry value HKEY_USERS\S-1-5-21-889684394-3566908023-1206495480-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Time not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2b38ce0-f729-11de-9991-00235402abfb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2b38ce0-f729-11de-9991-00235402abfb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2b38ce0-f729-11de-9991-00235402abfb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2b38ce0-f729-11de-9991-00235402abfb}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2b38ce2-f729-11de-9991-00235402abfb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2b38ce2-f729-11de-9991-00235402abfb}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\CueBuD.ExE not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\trace\Desktop\cmd.bat deleted successfully.
C:\Users\trace\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\trace\Desktop\cmd.bat deleted successfully.
C:\Users\trace\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: trace
->Temp folder emptied: 47023801 bytes
->Temporary Internet Files folder emptied: 291822 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 860 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150448383 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 189.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: trace
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: trace
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02102013_180728

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_TRACE-PC$\2636 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

 


Edited by Kinglit, 10 February 2013 - 06:47 PM.


#6 SweetTech


Posted 11 February 2013 - 02:18 PM

Hi!

Let's run a more powerful tool and see what it turns up.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Kinglit


Posted 17 February 2013 - 06:10 PM

Once AGAIN.. Sorry for the long wait.
 
COMBOFIX LOG

 

ComboFix 13-02-15.01 - trace 02/16/2013  21:11:46.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.1918.945 [GMT -5:00]
Running from: c:\users\trace\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-17 to 2013-02-17  )))))))))))))))))))))))))))))))
.
.
2013-02-17 02:24 . 2013-02-17 02:24    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-02-17 02:24 . 2013-02-17 02:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-16 01:53 . 2013-02-16 01:53    60872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{36199F9A-89EE-471F-A993-D691946C8E17}\offreg.dll
2013-02-16 01:33 . 2013-01-08 04:57    6991832    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{36199F9A-89EE-471F-A993-D691946C8E17}\mpengine.dll
2013-02-14 05:16 . 2013-02-17 02:24    --------    d-----w-    c:\users\trace\AppData\Local\temp
2013-02-11 00:08 . 2013-02-11 00:07    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-10 22:14 . 2013-02-10 22:14    --------    d-----w-    C:\_OTL
2013-02-09 23:15 . 2013-02-09 23:16    103    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-02-08 02:51 . 2013-02-08 02:51    16365936    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-01-29 08:44 . 2013-01-29 08:52    --------    d-----w-    C:\4f9ec24fd52facd772673d5f6d982f1b
2013-01-25 22:34 . 2013-01-25 22:40    --------    d-----w-    C:\02178a91cfa18893ae7b8d
2013-01-25 19:55 . 2013-01-25 19:55    --------    d-----w-    c:\users\trace\AppData\Local\join.me
2013-01-25 19:44 . 2013-01-25 19:44    --------    d-----w-    c:\program files\Common Files\Java
2013-01-22 06:37 . 2013-01-22 06:38    --------    d-----w-    C:\935521260fc29050f4608b16
2013-01-18 23:28 . 2013-01-19 00:27    --------    d-----w-    C:\ece0d26fb629e074d5ade44204
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-11 00:07 . 2012-07-08 21:17    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-02-11 00:07 . 2010-04-21 22:20    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-02-08 02:51 . 2012-10-11 23:12    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-08 02:51 . 2012-06-24 09:28    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 06:28 . 2009-10-02 21:23    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-02-07 10:50 . 2011-04-04 10:38    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E74F179F-F6CC-4BE0-9638-DEA49583953F}]
2011-05-26 01:01    38672    ----a-w-    c:\program files\NJStar Communicator\NJStarBHO32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-26 4686848]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-09-05 226576]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 61440]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-05-18 22631608]
"Octoshape Streaming Services"="c:\users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"googletalk"="c:\users\trace\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\READREG" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-12 90112]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MMTray"="c:\program files\Morgan\m3jpegV3\MMTray.exe" [2001-11-09 53248]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-16 161336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-01-18 1939968]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-18 296096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Socialbox.lnk - c:\program files\Socialbox\Socialbox.exe [2012-2-13 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2010-7-3 344064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-889684394-3566908023-1206495480-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CO_Mon
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSvix86
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 03:27    1607120    ----a-w-    c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 02:51]
.
2013-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-22 01:05]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 17:29]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 17:29]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core.job
- c:\users\trace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 22:55]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA.job
- c:\users\trace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 22:55]
.
2013-02-07 c:\windows\Tasks\HPCeeScheduleFortrace.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-08-25 03:03]
.
2013-02-17 c:\windows\Tasks\Norton Security Scan for trace.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-14 07:30]
.
2013-02-14 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2008-12-22 22:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.xfinity.com/?cid=xfstart_eg_self_main
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\3kafcqd4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-16 21:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-16  21:28:08
ComboFix-quarantined-files.txt  2013-02-17 02:28
ComboFix2.txt  2013-02-14 13:03
ComboFix3.txt  2009-11-27 17:36
.
Pre-Run: 12,337,201,152 bytes free
Post-Run: 12,319,318,016 bytes free
.
- - End Of File - - 272B17A2BD31A73B77F42373322123D2


Edited by Kinglit, 17 February 2013 - 06:10 PM.


#8 SweetTech


Posted 19 February 2013 - 11:01 AM

What Anti-Virus program do you plan on keeping? I see a couple different ones installed on your computer. Having multiple Anti-Virus programs installed on your computer can be the cause of some of these issues you are experiencing with your computer.

Please let me know, so that I can prepare the proper instructions for removing the other ones.





