
search.conduit.com new tab redirect. A bit sluggish.


  • This topic is locked
9 replies to this topic

#1 Kinglit

Kinglit

  • Members
  • 34 posts

Posted 07 February 2014 - 04:33 AM

Able to go online alright. It's sluggish when I try to run programs.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6001.18000  BrowserJavaVersion: 10.21.2

Run by trace at 4:04:39 on 2014-02-07

#Option MBR scan  is disabled.

Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.1.1033.18.1918.793 [GMT -5:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR.exe

c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE

C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

C:\Windows\System32\CTHELPER.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Morgan\m3jpegV3\MMTray.exe

C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files\Comcast\pcTrayApp.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Users\trace\AppData\Roaming\Search Protection\SearchProtection.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\hp\kbd\kbd.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\Explorer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Giraffic\Veoh_Giraffic.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k WindowsMobile

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

mStart Page = hxxp://www.xfinity.com/?cid=xfstart_eg_self_main

mWindow Title = Windows Internet Explorer provided by Comcast

uProxyServer = :0

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: NJStarBHO Class: {E74F179F-F6CC-4BE0-9638-DEA49583953F} - c:\program files\njstar communicator\NJStarBHO32.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [SetDefaultMIDI] MIDIDef.exe

uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized

uRun: [Octoshape Streaming Services] "c:\users\trace\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [googletalk] c:\users\trace\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [Google Update] "c:\users\trace\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [SearchProtection] "c:\users\trace\appdata\roaming\search protection\SearchProtection.EXE" /autostart

uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\users\trace\appdata\roaming\newnext.me\nengine.dll",EntryPoint -m l

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [DPService] "c:\program files\hp\dvdplay\DPService.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete

mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe

mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

mRun: [CloneCDElbyCDFL] "c:\program files\elaborate bytes\clonecd\ElbyCheck.exe" /L ElbyCDFL

mRun: [CloneCDTray] "c:\program files\elaborate bytes\clonecd\CloneCDTray.exe"

mRun: [WINDVDPatch] CTHELPER.EXE

mRun: [UpdReg] c:\windows\UpdReg.EXE

mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"

mRun: [DevconDefaultDB] c:\windows\READREG /PSCONV={NO} /NO_DEFPS

mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe

mRun: [MMTray] "c:\program files\morgan\m3jpegv3\MMTray.exe"

mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Comcast_McciTrayApp] "c:\program files\comcast\pcTrayApp.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe

mRunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f

StartupFolder: c:\users\trace\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\trace\appdata\roaming\micros~1\windows\startm~1\programs\startup\social~1.lnk - c:\program files\socialbox\Socialbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:149

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: c:\program files\avira\antivir desktop\avsda.dll

Trusted Zone: incontacthiring.com

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{1C517DEB-59CF-4806-A1BA-A71265252F3D} : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

AppInit_DLLs= c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\trace\appdata\roaming\mozilla\firefox\profiles\x7dv57x8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN28601680262209812&UM=2&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo!

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\trace\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: c:\users\trace\appdata\local\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll

FF - plugin: c:\users\trace\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npo1d.dll

FF - plugin: c:\users\trace\appdata\roaming\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-12-09 00:27; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\trace\appdata\roaming\mozilla\firefox\profiles\x7dv57x8.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}

.

============= SERVICES / DRIVERS ===============

.

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-8-14 37352]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-8-14 90400]

R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-12-9 207360]

.

=============== File Associations ===============

.

FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]

FileExt: .vbe: VBEFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]

FileExt: .vbs: VBSFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]

FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]

FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]

FileExt: .wsf: WSFFile="c:\windows\system32\CScript.exe" "%1" %* [default=Open2]

.

=============== Created Last 30 ================

.

2014-02-07 00:07:01 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2014-02-07 00:07:01 276592 ----a-w- c:\program files\mozilla firefox\updater.exe

2014-02-07 00:07:01 22777456 ----a-w- c:\program files\mozilla firefox\xul.dll

2014-02-07 00:07:01 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2014-02-07 00:07:00 872352 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2014-02-07 00:07:00 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2014-02-07 00:07:00 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2014-02-07 00:07:00 152688 ----a-w- c:\program files\mozilla firefox\softokn3.dll

2014-02-07 00:07:00 129176 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll

2014-02-07 00:07:00 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2014-02-06 08:37:58 -------- d-----w- c:\program files\Uninstaller

2014-02-06 06:22:25 -------- d-----w- c:\users\trace\.android

2014-02-06 06:22:24 -------- d-----w- c:\users\trace\appdata\local\SwvUpdater

2014-02-06 06:22:24 -------- d-----w- c:\users\trace\appdata\local\cache

2014-02-06 06:22:19 -------- d-----w- c:\users\trace\appdata\roaming\newnext.me

2014-02-06 06:22:19 -------- d-----w- c:\users\trace\appdata\local\Mobogenie

2014-02-06 06:22:19 -------- d-----w- c:\users\trace\appdata\local\genienext

2014-02-04 06:37:31 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bc31d964-c9b8-4c93-ac60-c8ce8e4be07f}\mpengine.dll

2014-01-23 17:11:35 -------- d--h--w- C:\IORRT

2014-01-15 09:01:13 0 ----a-w- C:\DFRCB8D.tmp

.

==================== Find3M  ====================

.

2014-02-05 00:52:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-02-05 00:52:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-16 14:59:46 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-12-17 13:08:19 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-11-25 22:29:05 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys

.

============= FINISH:  4:06:13.50 ===============

 

 

ATTACH LOGFILE

 

Attached File  attach FEBUARY 7 2014.zip   11.29KB   1 downloads


Edited by Kinglit, 07 February 2014 - 04:39 AM.



 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 07 February 2014 - 10:43 AM

Hi,

Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Kinglit

Kinglit
  • Topic Starter

  • Members
  • 34 posts

Posted 09 February 2014 - 02:58 PM

Doing it right now. Very sorry for the late response.



#4 Kinglit

Kinglit
  • Topic Starter

  • Members
  • 34 posts

Posted 12 February 2014 - 02:03 AM

FRST LOGFILE

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01

Ran by trace (administrator) on TRACE-PC on 12-02-2014 01:56:29

Running from C:\Users\trace\Desktop

Microsoft® Windows Vista™ Ultimate  Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 7

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Giraffic) C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR.exe

(Oracle Corporation) c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE

() C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe

(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\WinVNC4.exe

(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe

() C:\Program Files\Winamp\winampa.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe

(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Morgan Multimedia) C:\Program Files\Morgan\m3jpegV3\MMTray.exe

(DivX, LLC) C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe

(Alcatel-Lucent) C:\Program Files\Comcast\pcTrayApp.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Hewlett-Packard Company) C:\hp\kbd\kbd.exe

(Octoshape ApS) C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

(Spigot, Inc.) C:\Users\trace\AppData\Roaming\Search Protection\SearchProtection.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe

(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe

(Alcatel-Lucent) C:\Program Files\Comcast\pcBrowser.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Giraffic) C:\Program Files\Giraffic\Veoh_Giraffic.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Google) C:\Users\trace\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)

HKLM\...\Run: [DPService] - C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-11] (CyberLink Corp.)

HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)

HKLM\...\Run: [HP Software Update] - c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)

HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)

HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [36352 2008-09-12] ()

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)

HKLM\...\Run: [SunJavaUpdateReg] - C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)

HKLM\...\Run: [USBToolTip] - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)

HKLM\...\Run: [USB2Check] - C:\Windows\system32\PCLECoInst.dll [81920 2006-11-06] (Pinnacle Systems)

HKLM\...\Run: [CloneCDElbyCDFL] - C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)

HKLM\...\Run: [CloneCDTray] - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [73728 2002-12-02] (Elaborate Bytes AG)

HKLM\...\Run: [WINDVDPatch] - C:\Windows\system32\CTHELPER.EXE [24576 2002-07-02] (Creative Technology Ltd)

HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM\...\Run: [Jet Detection] - C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-11-29] ()

HKLM\...\Run: [DevconDefaultDB] - C:\Windows\READREG /PSCONV={NO} /NO_DEFPS

HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [MMTray] - C:\Program Files\Morgan\m3jpegV3\MMTray.exe [53248 2001-11-08] (Morgan Multimedia)

HKLM\...\Run: [DivX Download Manager] - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()

HKLM\...\Run: [Google Updater] - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-15] (Google)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [Comcast_McciTrayApp] - C:\Program Files\Comcast\pcTrayApp.exe [1939968 2012-01-18] (Alcatel-Lucent)

HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296096 2012-08-18] (RealNetworks, Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"

HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe

HKLM\...\RunOnce: [!DPLauncher] - "C:\Program Files\Microsoft\DefaultPack\DPLauncher.EXE" partner=p001 comb=12 [60048 2013-12-16] (© 2012 Microsoft Corporation)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [HPAdvisor] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [VeohPlugin] - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [4686848 2012-06-26] (Veoh Networks)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe [1347584 2007-08-29] (AWS Convergence Technologies, Inc.)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [PMCRemote] - C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [226576 2008-09-04] (Pinnacle Systems)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [SetDefaultMIDI] - C:\Windows\MIDIDef.exe [61440 2002-01-14] (Creative Technology Ltd)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [ooVoo.exe] - C:\Program Files\ooVoo\oovoo.exe [22631608 2011-05-18] (ooVoo LLC)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Octoshape Streaming Services] - C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [googletalk] - C:\Users\trace\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Google Update] - C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-06] (Google Inc.)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [SearchProtection] - C:\Users\trace\AppData\Roaming\Search Protection\SearchProtection.EXE [838984 2014-01-16] (Spigot, Inc.)

HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\trace\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

AppInit_DLLs: c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll => File Not Found

Startup: C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk

ShortcutTarget: Socialbox.lnk -> C:\Program Files\Socialbox\Socialbox.exe ()

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: :0

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfstart_eg_self_main

SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN29160267983958143&UM=2

SearchScopes: HKLM - ComcastSearch URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search

SearchScopes: HKLM - {3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN29160267983958143&UM=2

SearchScopes: HKCU - DefaultScope {BEA110E9-D0C2-4E6A-9D93-5AFB11D239AD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

SearchScopes: HKCU - ComcastSearch URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

SearchScopes: HKCU - {84A8877D-95DF-4C4D-903E-2EEE0F7C49F7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN29160267983958143&UM=2

SearchScopes: HKCU - {BEA110E9-D0C2-4E6A-9D93-5AFB11D239AD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ

´Ñ;áa´[¦†8

º~RÙxœòÜ8'£-)x­ä­ URL =

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: NJStarBHO Class - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files\NJStar Communicator\NJStarBHO32.dll (NJStar Software Corp.)

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default

FF NewTab: hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP0DDA3910-F08E-4067-B0D2-E9151CFBF43F

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!

FF Homepage: www.google.com

FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @veoh.com/VeohTVPlugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll No File

FF Plugin: @veoh.com/VeohWebPlayer - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)

FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\trace\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\trace\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\trace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.2 - C:\Users\trace\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)

FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)

FF SearchPlugin: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\searchplugins\conduit-search.xml

FF SearchPlugin: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\searchplugins\conduit.xml

FF SearchPlugin: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\searchplugins\yahoo_ff.xml

FF Extension: Connect DLC 5  - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} [2013-12-11]

FF Extension: Download YouTube Videos as MP4 - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-11-23]

FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\gmijq@bnasdndblib.com [2014-02-06]

FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-06]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-06]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-06]

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-01-24]

FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-01-24]

FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-18]

FF HKCU\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder

FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008-12-17]

 

========================== Services (Whitelisted) =================

 

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)

R2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)

S2 gupdate1c9976ea5c9c3b0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-25] (Google Inc.)

S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)

S2 OracleDBConsoleorcl; C:\app\trace\product\11.1.0\db_1\bin\nmesrvc.exe [25600 2007-09-13] (Oracle Corporation)

S4 OracleJobSchedulerORCL; c:\app\trace\product\11.1.0\db_1\Bin\extjob.exe [102400 2007-10-03] ()

R2 OracleServiceORCL; c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation)

R2 OracleVssWriterORCL; C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe [163840 2007-10-03] ()

R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)

R2 OracleOraDb11g_home1TNSListener; C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR  [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)

S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)

R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [15360 2002-11-28] (Elaborate Bytes AG)

R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [16320 2002-11-29] (Elaborate Bytes AG)

R0 ElbyVCD; C:\Windows\System32\DRIVERS\ElbyVCD.sys [22016 2002-11-28] (Elaborate Bytes AG)

S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)

S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)

S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [998004 2002-07-24] (Creative Technology Ltd)

R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)

R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [444800 2008-07-09] (DiBcom)

S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))

R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)

S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)

S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)

S3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2009-07-01] (Alcohol Soft Co., Ltd.)

S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)

S2 ASPI32; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S2 MCSTRM; No ImagePath

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]

S4 sptd; System32\Drivers\sptd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2014-02-12 01:56 - 2014-02-12 01:57 - 00033730 _____ () C:\Users\trace\Desktop\FRST.txt

2014-02-12 01:55 - 2014-02-12 01:55 - 00000000 ____D () C:\Users\trace\Desktop\FRST-OlderVersion

2014-02-09 19:55 - 2014-02-09 19:55 - 00008310 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1b_RaphaelHarris_1.xlsx

2014-02-09 19:54 - 2014-02-09 19:54 - 00008311 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1a_RaphaelHarris_1.xlsx

2014-02-09 14:18 - 2014-02-12 01:55 - 01139712 _____ (Farbar) C:\Users\trace\Desktop\FRST.exe

2014-02-09 13:02 - 2014-02-09 13:02 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_9_13_2_22.dmp

2014-02-07 04:39 - 2014-02-07 04:39 - 00000000 ____D () C:\Users\trace\Desktop\attach FEBUARY 7 2014

2014-02-07 04:37 - 2014-02-07 04:37 - 00011558 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.zip

2014-02-07 04:09 - 2014-02-07 04:09 - 00341652 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.txt

2014-02-07 04:07 - 2014-02-07 04:06 - 00019745 _____ () C:\Users\trace\Desktop\dds.txt

2014-02-07 03:59 - 2014-02-07 03:59 - 00688992 ____R (Swearware) C:\Users\trace\Desktop\dds(1).com

2014-02-06 19:06 - 2014-02-06 19:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-06 03:44 - 2014-02-06 03:44 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_6_3_44_11.dmp

2014-02-06 01:23 - 2014-02-06 01:23 - 00000000 ____D () C:\Users\trace\Documents\Optimizer Pro

2014-02-06 01:22 - 2014-02-11 21:25 - 00000000 ____D () C:\Users\trace\AppData\Roaming\newnext.me

2014-02-06 01:22 - 2014-02-06 21:30 - 00000000 ____D () C:\Users\trace\AppData\Local\Mobogenie

2014-02-06 01:22 - 2014-02-06 21:25 - 00000000 ____D () C:\Users\trace\AppData\Local\SwvUpdater

2014-02-06 01:22 - 2014-02-06 01:25 - 00000000 ____D () C:\Users\trace\AppData\Local\cache

2014-02-06 01:22 - 2014-02-06 01:23 - 00000000 _____ () C:\END

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\Documents\Mobogenie

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\AppData\Local\genienext

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\.android

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 _____ () C:\Users\trace\daemonprocess.txt

2014-02-06 01:16 - 2014-02-06 01:16 - 00321112 _____ () C:\Users\trace\Downloads\microsoft-office-2010.exe

2014-02-03 03:15 - 2014-02-03 03:15 - 00010825 _____ () C:\Users\trace\Downloads\SC_Excel2010_C2_L1b_RaphaelHarris_1.xlsx

2014-01-27 14:34 - 2014-02-10 11:47 - 00000000 ____D () C:\Users\trace\Desktop\CIS 2921 IT Analysis Design & Project Development

2014-01-23 14:46 - 2014-01-23 14:46 - 15098896 _____ () C:\Users\trace\Downloads\Excel2010_PPTs_1-4.exe

2014-01-23 13:27 - 2014-02-11 19:58 - 00000000 ____D () C:\Users\trace\Desktop\CIS 2128 Spreadsheet homework

2014-01-23 12:11 - 2014-01-23 12:11 - 00000000 ___HD () C:\IORRT

2014-01-23 12:09 - 2014-01-23 12:09 - 00008427 ____R () C:\Users\trace\Downloads\IORRT 3.5.cmd

2014-01-21 13:12 - 2014-01-21 13:13 - 00000714 _____ () C:\Windows\setupact.log

2014-01-21 13:12 - 2014-01-21 13:12 - 00000000 _____ () C:\Windows\setuperr.log

2014-01-21 13:01 - 2014-01-21 13:01 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_1_21_13_1_4.dmp

2014-01-15 04:01 - 2014-01-15 04:01 - 00000000 _____ () C:\DFRCB8D.tmp

2014-01-13 11:07 - 2014-01-13 11:08 - 15098896 _____ () C:\Users\trace\Downloads\Excel2010_PPTs_1-4(1).exe

==================== One Month Modified Files and Folders =======

2014-02-12 01:57 - 2014-02-12 01:56 - 00033730 _____ () C:\Users\trace\Desktop\FRST.txt

2014-02-12 01:56 - 2013-10-20 20:18 - 00000000 ____D () C:\FRST

2014-02-12 01:56 - 2012-08-10 11:16 - 00000000 ____D () C:\Program Files\Giraffic

2014-02-12 01:55 - 2014-02-12 01:55 - 00000000 ____D () C:\Users\trace\Desktop\FRST-OlderVersion

2014-02-12 01:55 - 2014-02-09 14:18 - 01139712 _____ (Farbar) C:\Users\trace\Desktop\FRST.exe

2014-02-12 01:54 - 2012-06-06 17:55 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA.job

2014-02-12 01:51 - 2012-10-11 18:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-12 01:46 - 2008-01-20 20:37 - 01722296 _____ () C:\Windows\WindowsUpdate.log

2014-02-12 01:31 - 2009-06-30 20:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-12 01:26 - 2006-11-02 07:45 - 00006144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-12 01:26 - 2006-11-02 07:45 - 00006144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-11 22:31 - 2009-06-30 20:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-11 21:25 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\AppData\Roaming\newnext.me

2014-02-11 19:58 - 2014-01-23 13:27 - 00000000 ____D () C:\Users\trace\Desktop\CIS 2128 Spreadsheet homework

2014-02-11 19:35 - 2009-12-26 00:29 - 00000000 ____D () C:\Users\trace\AppData\Roaming\BitTorrent

2014-02-11 12:08 - 2010-12-27 09:21 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job

2014-02-11 09:25 - 2012-08-10 11:16 - 00000000 ____D () C:\ProgramData\Giraffic

2014-02-11 05:54 - 2012-06-06 17:55 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core.job

2014-02-11 02:57 - 2011-01-14 14:13 - 00000440 ____H () C:\Windows\Tasks\Norton Security Scan for trace.job

2014-02-11 00:29 - 2008-12-01 03:33 - 00000000 ____D () C:\Users\trace\AppData\Local\Microsoft Help

2014-02-10 19:03 - 2008-08-25 08:31 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared

2014-02-10 11:47 - 2014-01-27 14:34 - 00000000 ____D () C:\Users\trace\Desktop\CIS 2921 IT Analysis Design & Project Development

2014-02-10 07:12 - 2006-11-02 07:35 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-02-10 07:11 - 2008-12-01 03:23 - 00004958 _____ () C:\Users\trace\AppData\Roaming\wklnhst.dat

2014-02-09 19:55 - 2014-02-09 19:55 - 00008310 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1b_RaphaelHarris_1.xlsx

2014-02-09 19:54 - 2014-02-09 19:54 - 00008311 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1a_RaphaelHarris_1.xlsx

2014-02-09 16:17 - 2008-12-21 19:12 - 00000416 _____ () C:\Windows\Tasks\PCConfidential.job

2014-02-09 13:13 - 2009-01-22 12:04 - 00000000 ____D () C:\ProgramData\Google Updater

2014-02-09 13:02 - 2014-02-09 13:02 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_9_13_2_22.dmp

2014-02-09 13:01 - 2012-04-25 10:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-02-09 13:01 - 2006-11-02 08:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-09 13:01 - 2006-11-02 07:59 - 00338178 _____ () C:\Windows\PFRO.log

2014-02-07 04:46 - 2013-08-25 16:55 - 00000000 ____D () C:\Users\trace\Desktop\Desktop files 2

2014-02-07 04:39 - 2014-02-07 04:39 - 00000000 ____D () C:\Users\trace\Desktop\attach FEBUARY 7 2014

2014-02-07 04:37 - 2014-02-07 04:37 - 00011558 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.zip

2014-02-07 04:09 - 2014-02-07 04:09 - 00341652 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.txt

2014-02-07 04:06 - 2014-02-07 04:07 - 00019745 _____ () C:\Users\trace\Desktop\dds.txt

2014-02-07 03:59 - 2014-02-07 03:59 - 00688992 ____R (Swearware) C:\Users\trace\Desktop\dds(1).com

2014-02-06 21:30 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\AppData\Local\Mobogenie

2014-02-06 21:25 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\AppData\Local\SwvUpdater

2014-02-06 19:07 - 2014-02-06 19:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-06 03:44 - 2014-02-06 03:44 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_6_3_44_11.dmp

2014-02-06 03:40 - 2006-11-02 08:00 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-06 01:25 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\AppData\Local\cache

2014-02-06 01:23 - 2014-02-06 01:23 - 00000000 ____D () C:\Users\trace\Documents\Optimizer Pro

2014-02-06 01:23 - 2014-02-06 01:22 - 00000000 _____ () C:\END

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\Documents\Mobogenie

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\AppData\Local\genienext

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\.android

2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 _____ () C:\Users\trace\daemonprocess.txt

2014-02-06 01:22 - 2008-12-09 00:19 - 00000000 ____D () C:\Users\trace

2014-02-06 01:16 - 2014-02-06 01:16 - 00321112 _____ () C:\Users\trace\Downloads\microsoft-office-2010.exe

2014-02-04 19:52 - 2012-10-11 18:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-02-04 19:52 - 2012-06-24 04:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-02-04 17:46 - 2006-11-02 05:33 - 00723960 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-04 14:38 - 2008-11-30 06:47 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleFortrace.job

2014-02-03 03:15 - 2014-02-03 03:15 - 00010825 _____ () C:\Users\trace\Downloads\SC_Excel2010_C2_L1b_RaphaelHarris_1.xlsx

2014-02-02 04:26 - 2008-12-12 23:18 - 00115712 _____ () C:\Users\trace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-01-23 14:46 - 2014-01-23 14:46 - 15098896 _____ () C:\Users\trace\Downloads\Excel2010_PPTs_1-4.exe

2014-01-23 12:11 - 2014-01-23 12:11 - 00000000 ___HD () C:\IORRT

2014-01-23 12:09 - 2014-01-23 12:09 - 00008427 ____R () C:\Users\trace\Downloads\IORRT 3.5.cmd

2014-01-21 13:13 - 2014-01-21 13:12 - 00000714 _____ () C:\Windows\setupact.log

2014-01-21 13:12 - 2014-01-21 13:12 - 00000000 _____ () C:\Windows\setuperr.log

2014-01-21 13:09 - 2010-09-11 21:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR

2014-01-21 13:01 - 2014-01-21 13:01 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_1_21_13_1_4.dmp

2014-01-16 03:21 - 2008-12-01 03:31 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-16 03:14 - 2013-07-19 02:10 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-16 03:04 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-01-15 04:01 - 2014-01-15 04:01 - 00000000 _____ () C:\DFRCB8D.tmp

2014-01-13 11:08 - 2014-01-13 11:07 - 15098896 _____ () C:\Users\trace\Downloads\Excel2010_PPTs_1-4(1).exe

Some content of TEMP:

====================

C:\Users\trace\AppData\Local\temp\6_Offer_19.exe

C:\Users\trace\AppData\Local\temp\avgnt.exe

C:\Users\trace\AppData\Local\temp\BackupSetup.exe

C:\Users\trace\AppData\Local\temp\dlLogic.exe

C:\Users\trace\AppData\Local\temp\DownloadManager.exe

C:\Users\trace\AppData\Local\temp\nsb148B.exe

C:\Users\trace\AppData\Local\temp\nsb7138.exe

C:\Users\trace\AppData\Local\temp\nsd573B.exe

C:\Users\trace\AppData\Local\temp\nsgBD86.exe

C:\Users\trace\AppData\Local\temp\nsk2BCA.exe

C:\Users\trace\AppData\Local\temp\nsk4A91.exe

C:\Users\trace\AppData\Local\temp\nsk7B5F.exe

C:\Users\trace\AppData\Local\temp\nss3947.exe

C:\Users\trace\AppData\Local\temp\nsu7278.exe

C:\Users\trace\AppData\Local\temp\nswFCF3.exe

C:\Users\trace\AppData\Local\temp\ose00000.exe

C:\Users\trace\AppData\Local\temp\SearchProtectionSetup.exe

C:\Users\trace\AppData\Local\temp\SPStub.exe

C:\Users\trace\AppData\Local\temp\tbConn.dll

C:\Users\trace\AppData\Local\temp\utt5072.tmp.exe

C:\Users\trace\AppData\Local\temp\WiseUpdX.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-12 01:52

==================== End Of Log ============================

ADDITION LOGFILE

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014 01
Ran by trace at 2014-02-12 01:58:33
Running from C:\Users\trace\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
Able2Extract 8.0 (Version: 8.0 - Investintech.com Inc.)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615 - Adobe Systems, Inc.)
Aleks 3.12 (Version:  - )
Alive Video Joiner (version 1.1.0.9) (Version:  - AliveMedia, Inc.)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft VideoImpression 2 (Version:  - ArcSoft)
Avidemux 2.6 (32-bit) (Version: 2.6.1.8321 - )
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Belarc Advisor 8.3 (Version: 8.3.2.0 - Belarc Inc.)
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKCU Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Camera Driver (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
CloneCD (Version:  - Elaborate Bytes)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0 - CCCP Project)
Comcast High-Speed Internet Install Wizard (Version:  - Comcast Cable Communications, LLC)
Comical 0.8 (Version:  - James Athey)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (Version: .1707 - CyberLink Corp.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version:  - DivX, Inc.)
DivX Setup (Version: 2.4.1.4 - DivX, LLC)
DivX Version Checker (Version: 7.1.0.2 - DivX, Inc.)
DVD Decrypter (Remove Only) (Version:  - )
DVD Play (Version: 2.4.5411 - Hewlett-Packard)
DVDx (Version: 2.10 - labDV®)
Easy Graphic Converter 1.2 (Version: 1.1 - Etru Software Development)
Easy Solve (Version:  - )
Enhanced Multimedia Keyboard Solution (Version:  - Hewlett-Packard)
ESET Online Scanner v3 (Version:  - )
FairUse Wizard 2 (Version: (v2.9) - FairUse Wizard)
FLV Knife 0.0.0003 (Version:  - Sönke Rohde)
GGPO (Version: 0.29.1 - DoublePerfect Productions)
GigaClicks Crawler (Version:  - )
Google Earth (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU Version:  - )
Google Talk Plugin (Version: 5.1.4.17398 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google Updater (Version: 2.4.2432.1652 - Google Inc.)
Guitar Pro 5.2 (Version:  - Arobas Music)
Haali Media Splitter (Version:  - )
Hardware Diagnostic Tools (Version: 5.1.4861.15 - PC-Doctor, Inc.)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HijackThis 2.0.2 (Version: 2.0.2 - TrendMicro)
HP Active Support Library (Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Advisor (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Customer Experience Enhancements (Version: 5.6.0.2510 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Demo (Version: 1.00.0000 - Hewlett-Packard)
HP Photosmart Essential 2.5 (Version: 1.03.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.0 (Version: 3.0 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Recovery Manager RSS (Version: 84.0.0.7 - Hewlet Packard Company) Hidden
HP Update (Version: 4.000.010.008 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000 - Hewlett-Packard) Hidden
HPTCSSetup (Version: 1.0.964.2626 - Hewlett-Packard Company)
iCloud (Version: 2.1.2.8 - Apple Inc.)
ImgBurn (Version: 2.5.0.0 - LIGHTNING UK!)
InFlac 1.1.1 (Version: 1.1.1 - Michael Facquet)
IrfanView (remove only) (Version:  - )
iTunes (Version: 11.0.3.42 - Apple Inc.)
J2SE Development Kit 5.0 Update 11 (Version: 1.5.0.110 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 1 (Version: 1.5.0.10 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110 - Sun Microsystems, Inc.)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 21 (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java DB 10.4.2.1 (Version: 10.4.2.1 - Sun Microsystems, Inc)
Java SE Development Kit 7 Update 21 (Version: 1.7.0.210 - Oracle)
Java™ 6 Update 7 (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 17 (Version: 1.6.0.170 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 7 (Version: 1.6.0.70 - Sun Microsystems, Inc.)
jGRASP (Version: 2.0.0_03 - )
join.me (HKCU Version: 1.7.0.138 - LogMeIn, Inc.)
K-Lite Codec Pack 5.8.3 (Full) (Version: 5.8.3 - )
LabelPrint (Version: 2.2.2913 - CyberLink Corp.)
Lernout & Hauspie TruVoice American English TTS Engine (Version:  - )
LightScribe System Software (Version: 1.18.3.2 - LightScribe)
LightScribeTemplateLabeler (Version: 1.10.23.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Matroska Pack (Version:  - )
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0 - Microsoft)
Microsoft MSDN 2005 Express Edition - ENU (Version:  - Microsoft Corporation)
Microsoft MSDN 2005 Express Edition - ENU (Version: 1.16.50727.42 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 Trial (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Morgan M-JPEG codec V3 (Version:  - )
Movavi Video Converter 7 (Version: 7.00.001 - Movavi)
Mozilla Firefox 27.0 (x86 en-US) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
muvee autoProducer 6.1 (Version: 6.10.050 - muvee Technologies)
My HP Games (Version: 1.0.0.52 - WildTangent)
NetBeans IDE 7.3 (Version: 7.3 - NetBeans.org)
Nightwing's Diamond/Pearl Stat Calculator (Version:  - )
NJStar Communicator (Version: 3.00 - NJStar Software Corp.)
Norton Security Scan (Version: 4.0.3.27 - Symantec Corporation)
NSIS Mixxx (Version:  - )
Octoshape Streaming Services (HKCU Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
ooVoo (Version: 3.0.4039 - ooVoo LLC.)
Oracle Data Provider for .NET Help (Version: 11.1.0600 - Oracle Corporation)
PakkISO 0.4 (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
PCIe Soft Data Fax Modem with SmartCP (Version: 7.71.00.50 - Conexant Systems)
Pinnacle Instant DVD Recorder (Version: 2.6.0.118 - Pinnacle Systems)
Pinnacle Studio 12 (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Driver (Version: 12.1.0.029 - Pinnacle Systems)
Power2Go (Version: 5.6.4109 - CyberLink Corp.)
PowerDirector (Version: 6.5.2926 - CyberLink Corp.)
PowerDirector (Version: 6.5.2926 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.5.2 (Version: 2.5.2150 - Python Software Foundation)
QuickTime (Version: 7.73.80.64 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (Version:  - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody (Version:  - )
Rhapsody MP3 Download Manager (Version: 1.0.4.219 - RealNetworks)
RichFLV (Version: 4.2 - UNKNOWN)
RichFLV (Version: 4.2 - UNKNOWN) Hidden
Safari (Version: 5.34.57.2 - Apple Inc.)
ScanWizard 5 (Version:  - )
Search Protection (HKCU Version: 8.5.0.1 - Spigot, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Toolbars (Version: 5.3.7280 - Skype Technologies S.A.)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Socialbox (Version: 2.114.2 - Zoosk, Inc.)
Socialbox (Version: 2.114.2 - Zoosk, Inc.) Hidden
Sony Vegas Pro 8.0 (Version: 8.0.260 - Sony)
Sound Blaster Live! Web 2K/XP (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (Version: 1.00.0000 - Electronic Arts)
Super DVD Creator 9.25.0 (Version:  - MasterSoft, Inc.)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Veoh Giraffic Video Accelerator (Version: 0.86.412.230 - Giraffic)
Veoh Web Player (Version: 1.1.2.0000 - Veoh Networks, Inc.)
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN)
VNC Free Edition 4.1.3 (Version: 4.1.3 - RealVNC Ltd.)
VoiceOver Kit (Version: 1.42.128.0 - Apple Inc.)
VueScan (Version:  - )
WeatherBug (Version: 6.8.2.0 - AWS Convergence Technologies)
Winamp (Version: 5.541  - Nullsoft, Inc)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (Version: 2.6.4040.0 - Microsoft Corporation)
WinRAR archiver (Version:  - )
Wondershare Video Converter Platinum(Build 5.1.2.0) (Version:  - Wondershare Software)
Yahoo! BrowserPlus 2.9.2 (HKCU Version:  - Yahoo! Inc.)
Yahoo! Messenger (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (Version:  - )

==================== Restore Points  =========================

07-02-2014 08:00:19 Windows Update
07-02-2014 21:06:01 Windows Update
08-02-2014 08:00:47 Windows Update
08-02-2014 20:08:02 Scheduled Checkpoint
09-02-2014 08:00:22 Windows Update
09-02-2014 21:05:09 Scheduled Checkpoint
10-02-2014 08:00:20 Windows Update
11-02-2014 06:03:22 Scheduled Checkpoint
11-02-2014 08:00:16 Windows Update
11-02-2014 14:57:37 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-02-14 07:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04C6F184-3542-475F-BBB4-9C04B14FC5A8} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-01-23] ()
Task: {071FC1A7-A836-42ED-9C8A-CF8CEC49D4FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1B4B28DF-FFE9-45F5-B593-181C35082166} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-25] (Google Inc.)
Task: {1E20EDF1-1766-4FE6-A790-0D1428E56D3A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA => C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {2C19F871-4A34-4861-A310-5A682296E69A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-889684394-3566908023-1206495480-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {394DE194-3EE8-4C43-9E95-E9F23EF7447F} - System32\Tasks\{BA3B1075-64C1-45CE-AB2B-129C68827C82} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {3D339994-08B2-4C3A-9D13-19EEC8BBCD1A} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2014-01-23] ()
Task: {45DDCC0B-689A-4C75-B9C0-5F14D3B5F837} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-25] (Google Inc.)
Task: {4CF78578-B3EB-410C-B0D1-64B4C0D8DE3D} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {541D62D9-5FA0-4CC6-A77D-2949E19B0248} - System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => C:\Users\trace\AppData\Local\Temp\794A.tmp.exe <==== ATTENTION
Task: {5815AF3F-BA42-42FA-BA93-207B29FE63D3} - System32\Tasks\HPCeeScheduleFortrace => C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-12-17] (Hewlett-Packard)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {72B3BD26-CCFF-4836-9F2F-BED7FC97D937} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {808419EF-A72A-46C8-89AD-E87E010779C9} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2012-06-26] (Veoh Networks)
Task: {8DE7E4E7-6DB2-47B5-9338-2BA35F8E936C} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {8F676D73-36D2-4D89-953B-37F5AC30B5DC} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-15] (Google)
Task: {9572ACC1-35D7-48D5-9A2B-E8A0679CE8DF} - System32\Tasks\PCConfidential => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe [2008-04-01] (Capital Intellect, Inc)
Task: {9DCE8B4F-4F13-4CD4-85C4-C9E8FD9B1CD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {A4EC0100-76A3-4BBF-B702-E499C8B41D19} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor for Windows\RunProfiler.exe [2008-04-09] (PC-Doctor, Inc.)
Task: {B25D4244-6254-4542-9A54-D5A933EC915A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {B75FF92B-2A69-43A5-A3A1-77AAFFC15756} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core => C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {D8320793-120A-405F-9E1A-373D9C983701} - System32\Tasks\Norton Security Scan for trace => C:\Program Files\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {DFDA1E22-C3A4-4F4A-8CC8-B810DF32DD57} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-889684394-3566908023-1206495480-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E0C1436B-1E78-478B-829E-33E9DD71F952} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core.job => C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA.job => C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFortrace.job => C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for trace.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\PCConfidential.job => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

==================== Loaded Modules (whitelisted) =============

2008-11-30 15:22 - 2007-09-20 21:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2008-09-12 11:45 - 2008-09-12 11:45 - 00036352 _____ () C:\Program Files\Winamp\winampa.exe
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00061440 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00131072 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00018944 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 00007680 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-07-03 21:51 - 2009-04-30 13:56 - 00344064 _____ () C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
2014-02-06 19:06 - 2014-02-06 19:07 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-04 19:52 - 2014-02-04 19:52 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:888AFB86
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: ELBY DVD-ROM SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2014 06:43:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8315

Error: (02/11/2014 06:43:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8315

Error: (02/11/2014 06:43:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2014 06:43:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7301

Error: (02/11/2014 06:43:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7301

Error: (02/11/2014 06:43:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2014 06:43:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6302

Error: (02/11/2014 06:43:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6302

Error: (02/11/2014 06:43:39 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/11/2014 06:43:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5304


System errors:
=============
Error: (02/11/2014 10:46:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.165.3774.0){2A96F990-707C-4E06-BA88-982A4BC77FD4}200

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Resolving(Resolving) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Absent(Absent) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Resolving(Resolving) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Resolving(Resolving) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Absent(Absent) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Resolving(Resolving) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Absent(Absent) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Resolving(Resolving) state

Error: (02/11/2014 10:43:18 AM) (Source: Microsoft-Windows-Servicing) (User: NT AUTHORITY)
Description: Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Absent(Absent) state


Microsoft Office Sessions:
=========================
Error: (11/23/2013 11:23:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7519 seconds with 3300 seconds of active time.  This session ended with a crash.

Error: (11/26/2012 04:22:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/26/2012 11:58:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/14/2011 09:27:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 241124 seconds with 4680 seconds of active time.  This session ended with a crash.

Error: (03/06/2010 10:44:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-12 01:57:19.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 01:57:19.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 01:57:19.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 01:57:19.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 01:57:19.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 01:57:19.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 01:57:19.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-12 01:57:19.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-08 02:51:38.314
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-08 02:51:38.268
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 1917.76 MB
Available physical RAM: 742.57 MB
Total Pagefile: 4084.82 MB
Available Pagefile: 1865.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.6 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:138.03 GB) (Free:7.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Kinglit, 12 February 2014 - 02:07 AM.


#5 aharonov

  • Malware Response Team

Posted 25 February 2014 - 08:08 AM

Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

 

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#6 Kinglit

  • Topic Starter
  • Members

Posted 28 February 2014 - 09:48 PM

I did not see the response email (it was in my spam for some reason). Many apologies for the delayed response. I'll get right on it.



#7 aharonov

  • Malware Response Team

Posted 01 March 2014 - 06:46 AM

All right. :)



#8 Kinglit

  • Topic Starter
  • Members

Posted 06 March 2014 - 02:54 AM

ADWCLEANER LOGFILE

 

# AdwCleaner v3.020 - Report created 06/03/2014 at 01:07:26
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Ultimate Service Pack 1 (32 bits)
# Username : trace - TRACE-PC
# Running from : C:\Users\trace\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\trace\AppData\Local\Conduit
Folder Deleted : C:\Users\trace\AppData\Local\genienext
Folder Deleted : C:\Users\trace\AppData\Local\Mobogenie
Folder Deleted : C:\Users\trace\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\trace\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\trace\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\trace\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\trace\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\trace\Documents\Mobogenie
Folder Deleted : C:\Users\trace\Documents\Optimizer Pro
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\CT3306061
Folder Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
File Deleted : C:\END
File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\searchplugins\Conduit.xml
File Deleted : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\searchplugins\conduit-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{808419EF-A72A-46C8-89AD-E87E010779C9}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F676D73-36D2-4D89-953B-37F5AC30B5DC}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412252}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18000


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\prefs.js ]

Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN28601680262209812");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN28601680262209812.IN.20131209002735");
Line Deleted : user_pref("CT3306061.installDate", "09/12/2013 00:27:41");
Line Deleted : user_pref("CT3306061.installSessionId", "{EC9A6FAC-1131-46DA-B9A3-A081FBFB6AEC}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "about:home");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "09-12-2013 00:27:35");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN28601680262209812&UM=2&UP=SP62B3D92A-B3D3-49AE-85E2-ADADFC9A6D82");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP0DDA3910-F08E-4067-B0D2-E9151CFBF43F");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN28601680262209812&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN28601680262209812&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN28601680262209812&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "HR+QWPSNJXRJUPSLVQCV6EDHOUXE0PTQWPBMCLWXSAVQZCUPZ/F+MSAJ9A1TCTCTSDQBKKBHQAWKXERT2IXAYW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN28601680262209812&UM=2&SearchSource=13");

*************************

AdwCleaner[R0].txt - [6673 octets] - [24/10/2013 19:42:58]
AdwCleaner[R1].txt - [7029 octets] - [06/03/2014 00:59:54]
AdwCleaner[S0].txt - [6786 octets] - [26/10/2013 15:38:28]
AdwCleaner[S1].txt - [7132 octets] - [06/03/2014 01:07:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7192 octets] ##########
 

 

FRST LOGFILE 2

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2014
Ran by trace (administrator) on TRACE-PC on 06-03-2014 02:56:28
Running from C:\Users\trace\Desktop
Microsoft® Windows Vista™ Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR.exe
(Giraffic) C:\Program Files\Giraffic\Veoh_Giraffic.exe
(Oracle Corporation) c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE
() C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
() C:\Program Files\Winamp\winampa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Creative Technology Ltd) C:\Windows\System32\CTHELPER.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Morgan Multimedia) C:\Program Files\Morgan\m3jpegV3\MMTray.exe
(DivX, LLC) C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
(Alcatel-Lucent) C:\Program Files\Comcast\pcTrayApp.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Pinnacle Systems) C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe
(Octoshape ApS) C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Google Inc.) C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\trace\AppData\Local\GCC\Controller.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [DPService] - C:\Program Files\HP\DVDPlay\DPService.exe [90112 2008-06-11] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [36352 2008-09-12] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateReg] - C:\Windows\system32\jureg.exe [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [USBToolTip] - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [USB2Check] - C:\Windows\system32\PCLECoInst.dll [81920 2006-11-06] (Pinnacle Systems)
HKLM\...\Run: [CloneCDElbyCDFL] - C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM\...\Run: [CloneCDTray] - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe [73728 2002-12-02] (Elaborate Bytes AG)
HKLM\...\Run: [WINDVDPatch] - C:\Windows\system32\CTHELPER.EXE [24576 2002-07-02] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Jet Detection] - C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-11-29] ()
HKLM\...\Run: [DevconDefaultDB] - C:\Windows\READREG /PSCONV={NO} /NO_DEFPS
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MMTray] - C:\Program Files\Morgan\m3jpegV3\MMTray.exe [53248 2001-11-08] (Morgan Multimedia)
HKLM\...\Run: [DivX Download Manager] - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [Google Updater] - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [161336 2011-09-15] (Google)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Comcast_McciTrayApp] - C:\Program Files\Comcast\pcTrayApp.exe [1939968 2012-01-18] (Alcatel-Lucent)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\Update\realsched.exe [296096 2012-08-18] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [HPAdvisor] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [VeohPlugin] - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [4686848 2012-06-26] (Veoh Networks)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe [1347584 2007-08-29] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [PMCRemote] - C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [226576 2008-09-04] (Pinnacle Systems)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [SetDefaultMIDI] - C:\Windows\MIDIDef.exe [61440 2002-01-14] (Creative Technology Ltd)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [ooVoo.exe] - C:\Program Files\ooVoo\oovoo.exe [22631608 2011-05-18] (ooVoo LLC)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Octoshape Streaming Services] - C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [googletalk] - C:\Users\trace\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [Google Update] - C:\Users\trace\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-06] (Google Inc.)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-889684394-3566908023-1206495480-1000\...\Run: [SearchProtection] - "C:\Users\trace\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
AppInit_DLLs: c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll => c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll File Not Found
Startup: C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\trace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
ShortcutTarget: Socialbox.lnk -> C:\Program Files\Socialbox\Socialbox.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfstart_eg_self_main
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - ComcastSearch URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search
SearchScopes: HKLM - {3A9A5C13-2D3F-49E8-8BD6-F8DD111E6162} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - ComcastSearch URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_self_search
SearchScopes: HKCU - {84A8877D-95DF-4C4D-903E-2EEE0F7C49F7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {BEA110E9-D0C2-4E6A-9D93-5AFB11D239AD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: NJStarBHO Class - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files\NJStar Communicator\NJStarBHO32.dll (NJStar Software Corp.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veoh.com/VeohTVPlugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll No File
FF Plugin: @veoh.com/VeohWebPlayer - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\trace\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\trace\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\trace\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\trace\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\trace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.2 - C:\Users\trace\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\trace\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\searchplugins\yahoo_ff.xml
FF Extension: Download YouTube Videos as MP4 - C:\Users\trace\AppData\Roaming\Mozilla\Firefox\Profiles\x7dv57x8.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-11-23]
FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\gmijq@bnasdndblib.com [2014-02-14]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-14]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-01-24]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-01-24]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-18]
FF HKCU\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008-12-17]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
S2 gupdate1c9976ea5c9c3b0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-25] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
S2 OracleDBConsoleorcl; C:\app\trace\product\11.1.0\db_1\bin\nmesrvc.exe [25600 2007-09-13] (Oracle Corporation)
S4 OracleJobSchedulerORCL; c:\app\trace\product\11.1.0\db_1\Bin\extjob.exe [102400 2007-10-03] ()
R2 OracleServiceORCL; c:\app\trace\product\11.1.0\db_1\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation)
R2 OracleVssWriterORCL; C:\app\trace\product\11.1.0\db_1\bin\OraVSSW.exe [163840 2007-10-03] ()
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
R2 OracleOraDb11g_home1TNSListener; C:\app\trace\product\11.1.0\db_1\BIN\TNSLSNR  [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-02-12] (Symantec Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [15360 2002-11-28] (Elaborate Bytes AG)
R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [16320 2002-11-29] (Elaborate Bytes AG)
R0 ElbyVCD; C:\Windows\System32\DRIVERS\ElbyVCD.sys [22016 2002-11-28] (Elaborate Bytes AG)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)
S3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [998004 2002-07-24] (Creative Technology Ltd)
R3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [444800 2008-07-09] (DiBcom)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-14] (Avira GmbH)
S3 vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [223128 2009-07-01] (Alcohol Soft Co., Ltd.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
S2 ASPI32; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 MCSTRM; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S4 sptd; System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 01:49 - 2014-03-06 01:50 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_3_6_1_49_59.dmp
2014-03-06 00:56 - 2014-03-06 00:56 - 01244192 _____ () C:\Users\trace\Desktop\AdwCleaner.exe
2014-03-04 22:25 - 2014-03-04 22:28 - 00014990 _____ () C:\Users\trace\Desktop\SC_Excel2010_C5_L1b_RaphaelHarris_2.xlsx
2014-02-24 21:09 - 2014-02-24 21:09 - 00082761 _____ () C:\Users\trace\Desktop\AMAZON ORDER 2 24 14.htm
2014-02-24 21:09 - 2014-02-24 21:09 - 00000000 ____D () C:\Users\trace\Desktop\AMAZON ORDER 2 24 14_files
2014-02-21 08:43 - 2014-02-21 08:43 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_21_8_43_28.dmp
2014-02-16 19:35 - 2014-02-16 19:35 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_16_19_35_41.dmp
2014-02-15 20:40 - 2014-02-15 20:40 - 00074240 _____ () C:\Users\trace\Desktop\Flemons_Syllabus_Math_0098-163_Spring_2014.wps
2014-02-14 22:46 - 2014-02-14 22:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-14 14:50 - 2014-02-14 14:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-12 18:59 - 2014-02-12 18:59 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-02-12 18:59 - 2014-02-12 18:59 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-02-12 01:58 - 2014-02-12 01:59 - 00037362 _____ () C:\Users\trace\Desktop\Addition.txt
2014-02-12 01:56 - 2014-03-06 02:56 - 00031639 _____ () C:\Users\trace\Desktop\FRST.txt
2014-02-12 01:55 - 2014-03-06 02:56 - 00000000 ____D () C:\Users\trace\Desktop\FRST-OlderVersion
2014-02-09 19:55 - 2014-02-09 19:55 - 00008310 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1b_RaphaelHarris_1.xlsx
2014-02-09 19:54 - 2014-02-09 19:54 - 00008311 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1a_RaphaelHarris_1.xlsx
2014-02-09 14:18 - 2014-03-06 02:56 - 01145344 _____ (Farbar) C:\Users\trace\Desktop\FRST.exe
2014-02-07 04:39 - 2014-02-07 04:39 - 00000000 ____D () C:\Users\trace\Desktop\attach FEBUARY 7 2014
2014-02-07 04:37 - 2014-02-07 04:37 - 00011558 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.zip
2014-02-07 04:09 - 2014-02-07 04:09 - 00341652 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.txt
2014-02-07 04:07 - 2014-02-07 04:06 - 00019745 _____ () C:\Users\trace\Desktop\dds.txt
2014-02-07 03:59 - 2014-02-07 03:59 - 00688992 ____R (Swearware) C:\Users\trace\Desktop\dds(1).com
2014-02-06 01:22 - 2014-02-06 01:25 - 00000000 ____D () C:\Users\trace\AppData\Local\cache
2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\.android
2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 _____ () C:\Users\trace\daemonprocess.txt
2014-02-06 01:16 - 2014-02-06 01:16 - 00321112 _____ () C:\Users\trace\Downloads\microsoft-office-2010.exe

==================== One Month Modified Files and Folders =======

2014-03-06 02:59 - 2014-02-12 01:56 - 00031639 _____ () C:\Users\trace\Desktop\FRST.txt
2014-03-06 02:58 - 2008-01-20 20:37 - 01888120 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 02:56 - 2014-02-12 01:55 - 00000000 ____D () C:\Users\trace\Desktop\FRST-OlderVersion
2014-03-06 02:56 - 2014-02-09 14:18 - 01145344 _____ (Farbar) C:\Users\trace\Desktop\FRST.exe
2014-03-06 02:56 - 2013-10-20 20:18 - 00000000 ____D () C:\FRST
2014-03-06 02:54 - 2012-06-06 17:55 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000UA.job
2014-03-06 02:51 - 2012-08-10 11:16 - 00000000 ____D () C:\Program Files\Giraffic
2014-03-06 02:37 - 2009-06-30 20:07 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 02:04 - 2009-01-22 12:04 - 00000000 ____D () C:\ProgramData\Google Updater
2014-03-06 02:03 - 2009-06-30 20:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 01:58 - 2008-12-21 19:12 - 00000416 _____ () C:\Windows\Tasks\PCConfidential.job
2014-03-06 01:50 - 2014-03-06 01:49 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_3_6_1_49_59.dmp
2014-03-06 01:49 - 2012-08-10 11:16 - 00000000 ____D () C:\ProgramData\Giraffic
2014-03-06 01:49 - 2006-11-02 08:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 01:49 - 2006-11-02 07:45 - 00006144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 01:49 - 2006-11-02 07:45 - 00006144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 01:08 - 2013-10-24 19:42 - 00000000 ____D () C:\AdwCleaner
2014-03-06 00:56 - 2014-03-06 00:56 - 01244192 _____ () C:\Users\trace\Desktop\AdwCleaner.exe
2014-03-06 00:51 - 2012-10-11 18:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 19:31 - 2011-01-14 14:13 - 00000440 ____H () C:\Windows\Tasks\Norton Security Scan for trace.job
2014-03-05 12:08 - 2010-12-27 09:21 - 00000820 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-03-05 05:54 - 2012-06-06 17:55 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889684394-3566908023-1206495480-1000Core.job
2014-03-04 22:28 - 2014-03-04 22:25 - 00014990 _____ () C:\Users\trace\Desktop\SC_Excel2010_C5_L1b_RaphaelHarris_2.xlsx
2014-03-04 21:25 - 2014-01-23 13:27 - 00000000 ____D () C:\Users\trace\Desktop\CIS 2128 Spreadsheet homework
2014-03-04 12:53 - 2006-11-02 05:33 - 00723960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 19:54 - 2008-11-30 22:08 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-03-01 00:39 - 2009-12-26 00:29 - 00000000 ____D () C:\Users\trace\AppData\Roaming\BitTorrent
2014-02-27 21:17 - 2014-01-21 13:12 - 00001428 _____ () C:\Windows\setupact.log
2014-02-24 21:09 - 2014-02-24 21:09 - 00082761 _____ () C:\Users\trace\Desktop\AMAZON ORDER 2 24 14.htm
2014-02-24 21:09 - 2014-02-24 21:09 - 00000000 ____D () C:\Users\trace\Desktop\AMAZON ORDER 2 24 14_files
2014-02-24 18:56 - 2006-11-02 07:35 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-24 10:59 - 2014-01-27 14:34 - 00000000 ____D () C:\Users\trace\Desktop\CIS 2921 IT Analysis Design & Project Development
2014-02-24 00:53 - 2013-08-25 16:55 - 00000000 ____D () C:\Users\trace\Desktop\Desktop files 2
2014-02-21 08:43 - 2014-02-21 08:43 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_21_8_43_28.dmp
2014-02-20 23:51 - 2012-10-11 18:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 23:51 - 2012-06-24 04:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-16 19:35 - 2014-02-16 19:35 - 00014200 _____ () C:\Windows\system32\nmesrvc_core_2014_2_16_19_35_41.dmp
2014-02-16 19:34 - 2012-04-25 10:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 19:34 - 2006-11-02 07:59 - 00349094 _____ () C:\Windows\PFRO.log
2014-02-15 20:40 - 2014-02-15 20:40 - 00074240 _____ () C:\Users\trace\Desktop\Flemons_Syllabus_Math_0098-163_Spring_2014.wps
2014-02-15 20:40 - 2008-12-01 03:23 - 00005280 _____ () C:\Users\trace\AppData\Roaming\wklnhst.dat
2014-02-15 14:31 - 2008-08-25 08:31 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-14 22:46 - 2014-02-14 22:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-14 22:46 - 2013-11-15 21:25 - 00001881 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-14 14:52 - 2014-02-14 14:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 03:21 - 2008-12-01 03:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 03:17 - 2013-07-19 02:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 03:10 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-12 18:59 - 2014-02-12 18:59 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
2014-02-12 18:59 - 2014-02-12 18:59 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-02-12 18:59 - 2011-01-14 14:13 - 00001099 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-02-12 18:59 - 2011-01-14 14:13 - 00000000 ____D () C:\ProgramData\Norton
2014-02-12 01:59 - 2014-02-12 01:58 - 00037362 _____ () C:\Users\trace\Desktop\Addition.txt
2014-02-11 00:29 - 2008-12-01 03:33 - 00000000 ____D () C:\Users\trace\AppData\Local\Microsoft Help
2014-02-09 19:55 - 2014-02-09 19:55 - 00008310 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1b_RaphaelHarris_1.xlsx
2014-02-09 19:54 - 2014-02-09 19:54 - 00008311 _____ () C:\Users\trace\Downloads\SC_Excel2010_C3_L1a_RaphaelHarris_1.xlsx
2014-02-07 04:39 - 2014-02-07 04:39 - 00000000 ____D () C:\Users\trace\Desktop\attach FEBUARY 7 2014
2014-02-07 04:37 - 2014-02-07 04:37 - 00011558 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.zip
2014-02-07 04:09 - 2014-02-07 04:09 - 00341652 _____ () C:\Users\trace\Desktop\attach FEBUARY 7 2014.txt
2014-02-07 04:06 - 2014-02-07 04:07 - 00019745 _____ () C:\Users\trace\Desktop\dds.txt
2014-02-07 03:59 - 2014-02-07 03:59 - 00688992 ____R (Swearware) C:\Users\trace\Desktop\dds(1).com
2014-02-06 03:40 - 2006-11-02 08:00 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-06 01:25 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\AppData\Local\cache
2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 ____D () C:\Users\trace\.android
2014-02-06 01:22 - 2014-02-06 01:22 - 00000000 _____ () C:\Users\trace\daemonprocess.txt
2014-02-06 01:22 - 2008-12-09 00:19 - 00000000 ____D () C:\Users\trace
2014-02-06 01:16 - 2014-02-06 01:16 - 00321112 _____ () C:\Users\trace\Downloads\microsoft-office-2010.exe
2014-02-04 14:38 - 2008-11-30 06:47 - 00000322 _____ () C:\Windows\Tasks\HPCeeScheduleFortrace.job

Some content of TEMP:
====================
C:\Users\trace\AppData\Local\temp\avgnt.exe
C:\Users\trace\AppData\Local\temp\nsd573B.exe
C:\Users\trace\AppData\Local\temp\ose00000.exe
C:\Users\trace\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-06 01:54

==================== End Of Log ============================


Edited by Kinglit, 06 March 2014 - 03:06 AM.


#9 aharonov

aharonov

  • Malware Response Team

Posted 06 March 2014 - 03:20 AM

How is your computer running now?


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#10 aharonov

aharonov

  • Malware Response Team

Posted 19 March 2014 - 12:10 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



