a_ghost_in_a_shell

  1. Since my mother doesn't use these programs at all I have removed FrostWire 5, MusicOasis, uTorrent. I also removed Norton Security Scan... because it's Norton, as well as a number of garbage applications. However both PC Optimizer Pro and Spyware Terminator are not in the add/remove programs list.

     OTL Fix.
     ESET (I had to run this three times to get it to actually finish once. The first time it claimed it found multiple threats but the scan never finished, then the computer shut off during the second scan, the log below is the result of the third scan which said that there were no threats found.)
     [email protected] as downloader log:
     Can not read file from [email protected] as downloader log:
     Can not read file from internet.
     Can not read file from [email protected] as downloader log:
     Can not read file from internet.
     # version=8
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6920
     # api_version=3.0.2
     # EOSSerial=971fd631a4064549acecd99584ba7a46
     # engine=14262
     # end=finished
     # remove_checked=false
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2013-07-03 11:21:33
     # local_time=2013-07-03 07:21:33 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.0.6002 NT Service Pack 2
     # compatibility_mode=771 16777213 100 91 40972945 148681965 0 0
     # compatibility_mode=5892 16776573 100 100 17843895 209501221 0 0
     # scanned=139542
     # found=0
     # cleaned=0
     # scan_time=1925
  2. AdwCleaner # AdwCleaner v2.303 - Logfile created 07/01/2013 at 23:04:14# Updated 08/06/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : Christopher - ALLISONPC# Boot Mode : Normal# Running from : C:\Users\Christopher\Downloads\adwcleaner.exe# Option [Delete] ***** [services] ***** Stopped & Deleted : DefaultTabUpdate ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files\Ask.comDeleted on reboot : C:\Program Files\PC Optimizer ProFile Deleted : C:\ENDFile Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xmlFile Deleted : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\extensions\[email protected] Deleted : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\searchplugins\Askcom.xmlFile Deleted : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\searchplugins\search-here.xmlFile Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnkFile Deleted : C:\Windows\tasks\PC Optimizer Pro Updates.jobFolder Deleted : C:\Program Files\ConduitFolder Deleted : C:\Program Files\CrawlerFolder Deleted : C:\Program Files\Free Offers from Freeze.comFolder Deleted : C:\Program Files\uTorrentControl2Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer ProFolder Deleted : C:\ProgramData\PC Optimizer ProFolder Deleted : C:\ProgramData\WeCareReminderFolder Deleted : C:\Users\CHRIST~1\AppData\Local\Temp\AskSearchFolder Deleted : C:\Users\CHRIST~1\AppData\Local\Temp\OpenCandyFolder Deleted : C:\Users\Christopher\AppData\Local\ConduitFolder Deleted : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcFolder Deleted : C:\Users\Christopher\AppData\Local\OpenCandyFolder Deleted : C:\Users\Christopher\AppData\LocalLow\AskToolbarFolder Deleted : C:\Users\Christopher\AppData\LocalLow\ConduitFolder Deleted : 
C:\Users\Christopher\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Christopher\AppData\LocalLow\uTorrentControl2Folder Deleted : C:\Users\Christopher\AppData\Roaming\DefaultTabFolder Deleted : C:\Users\Christopher\AppData\Roaming\OpenCandyFolder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APNKey Deleted : HKCU\Software\AppDataLow\Software\AskToolbarKey Deleted : HKCU\Software\AppDataLow\Software\CompeteIncKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\DefaultTabKey Deleted : HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2Key Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\Ask.comKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Default TabKey Deleted : HKCU\Software\DefaultTabKey Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}Key Deleted : HKCU\Software\pc optimizer proKey Deleted : HKCU\Software\wecarereminderKey Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKCU\Software\ZugoKey Deleted : HKLM\Software\APNKey Deleted : HKLM\Software\AskToolbarKey Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLLKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserKey Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveXKey Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWndKey Deleted : 
HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminderKey Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEFKey Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEFKey Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\Default TabKey Deleted : HKLM\Software\Freeze.comKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B1B34C2-CB4B-4F8A-B796-3E0F34DB3183}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63622982-B075-4E7B-A1B3-C36FF724CC0F}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82EKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852Key Deleted : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FAKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5EDKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CCKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011Key Deleted : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EAKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0EKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDFKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65EKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEFKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTabKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer proKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 ToolbarKey Deleted : HKLM\Software\pc optimizer proKey Deleted : HKLM\Software\uTorrentControl2Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
[{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18975 -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\prefs.js C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\user.js ... Deleted ! Deleted : user_pref("CT2612669_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "IMVU Inc Customized Web Search"); Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2612669");Deleted : user_pref("browser.search.defaultengine", "Ask.com");Deleted : user_pref("browser.search.defaultenginename", "Ask.com");Deleted : user_pref("browser.search.order.1", "Ask.com");Deleted : user_pref("browser.search.selectedEngine", "IMVU Inc Customized Web Search");Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");Deleted : user_pref("extensions.asktb.apn_dbr", "ff_7.0.1");Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);Deleted : user_pref("extensions.asktb.cbid", "FM");Deleted : user_pref("extensions.asktb.config-updated", true);Deleted : user_pref("extensions.asktb.crumb", "2012.02.10+08.32.42-toolbar015iad-US-Um9tZSxHQSxVbml0ZWQgU3RhdG[...] 
Deleted : user_pref("extensions.asktb.displaybehavior", "");Deleted : user_pref("extensions.asktb.displaytext", "");Deleted : user_pref("extensions.asktb.dtid", "TES002U1US");Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USGA0488");Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);Deleted : user_pref("extensions.asktb.fresh-install", false);Deleted : user_pref("extensions.asktb.guid", "0ef5806c-0065-4574-a007-37618c5e7644");Deleted : user_pref("extensions.asktb.hpr", "YES");Deleted : user_pref("extensions.asktb.hts-enabled", false);Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]Deleted : user_pref("extensions.asktb.if", "first");Deleted : user_pref("extensions.asktb.l", "dis");Deleted : user_pref("extensions.asktb.last-config-req", "1352144706347");Deleted : user_pref("extensions.asktb.last-search-timestamp", "1345652564716");Deleted : user_pref("extensions.asktb.locale", "en_US");Deleted : user_pref("extensions.asktb.location", "Rome,GA,United States");Deleted : user_pref("extensions.asktb.lstation", "");Deleted : user_pref("extensions.asktb.new-tab-enabled", true);Deleted : user_pref("extensions.asktb.news-native-on", true);Deleted : user_pref("extensions.asktb.o", "14193");Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);Deleted : user_pref("extensions.asktb.pstate", "");Deleted : user_pref("extensions.asktb.qsrc", "2871");Deleted : user_pref("extensions.asktb.r", "3");Deleted : user_pref("extensions.asktb.sa", "YES");Deleted : user_pref("extensions.asktb.sa-enabled", "false");Deleted : user_pref("extensions.asktb.saguid", "B3467A86-270E-45DF-8D42-D740F7FA6AAD");Deleted : 
user_pref("extensions.asktb.save-searches", false);Deleted : user_pref("extensions.asktb.search-history-queries", "greg spires||riverbend in chattanooga||google|[...] Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);Deleted : user_pref("extensions.asktb.silent-upgrade", true);Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);Deleted : user_pref("extensions.asktb.socialmini-first", true);Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");Deleted : user_pref("extensions.asktb.socialmini-native-on", true);Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);Deleted : user_pref("extensions.asktb.themeid", "");Deleted : user_pref("extensions.asktb.timeinstalled", "2/10/2012 11:33:50 AM");Deleted : user_pref("extensions.asktb.to", "");Deleted : user_pref("extensions.asktb.v", "3.15.4.100013");Deleted : user_pref("extensions.asktb.version", "5.15.4.23821");Deleted : user_pref("extensions.asktb.volume", ""); -\\ Google Chrome v27.0.1453.116 File : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. 
*************************

AdwCleaner[R1].txt - [23123 octets] - [01/07/2013 15:09:10]
AdwCleaner[R2].txt - [23070 octets] - [01/07/2013 23:03:53]
AdwCleaner[s1].txt - [23081 octets] - [01/07/2013 23:04:14]

########## EOF - C:\AdwCleaner[s1].txt - [23142 octets] ##########

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista Home Premium x86
Ran by Christopher on Mon 07/01/2013 at 23:36:55.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{27C1110B-89F3-4DC9-86F5-13AF19BF1E3F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A229BC5B-E7A2-447B-B015-1E7CA944978D}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Christopher\appdata\local\rivalgaming"
Successfully deleted: [Folder] "C:\Users\Christopher\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Users\Christopher\appdata\locallow\oovootoolbar"
Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\consumer input"
Successfully deleted: [Folder] "C:\Program Files\fast free converter"
Successfully deleted: [Folder] "C:\Program Files\freefrog"
Successfully deleted: [Folder] "C:\Program Files\pc optimizer pro"
Successfully deleted: [Folder] "C:\Users\Christopher\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming"
Successfully deleted: [Folder] "C:\Program Files\ask.com"

~~~ FireFox

Successfully deleted: [File] C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pwwscfuq.default\searchplugins\bing-zugo.xml
Successfully deleted: [File] C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pwwscfuq.default\searchplugins\imvu-inc-customized-web-search.xml
Emptied folder: C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pwwscfuq.default\minidumps [150 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Christopher\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/01/2013 at 23:39:09.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OLT.txt

OTL logfile created on: 7/1/2013 11:51:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christopher\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.63% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.79 Gb Total Space | 57.16 Gb Free Space | 56.15% Space Free | Partition Type: NTFS

Computer Name: ALLISONPC | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/01 23:48:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.com
PRC - [2012/08/11 14:16:41 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/09 01:56:19 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/10/07 13:43:18 | 000,106,496 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
PRC - [2008/02/22 07:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 00:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/09/06 22:23:36 | 000,405,504 | ---- | M] (IDT, Inc.)
-- C:\Windows\sttray.exePRC - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exePRC - [2007/07/12 19:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012/08/09 01:56:17 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dllMOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)SRV - [2013/06/30 20:39:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/08/09 01:56:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)SRV - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2007/12/11 00:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)SRV - [2007/07/12 19:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)DRV - [2011/11/28 13:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)DRV - [2008/06/11 14:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)DRV - [2008/02/29 04:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)DRV - [2008/01/16 05:09:40 | 000,280,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)DRV - [2007/09/06 22:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)DRV - [2007/06/27 17:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)DRV - [2007/06/27 17:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)DRV - [2007/05/23 20:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)DRV - [2007/02/16 03:18:38 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-6339uIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-6339uIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/searchIE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value foundIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value foundIE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0908&m=m-6339uIE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.comIE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20120832,19225,0,53,0IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.westga.edu/IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - 
HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{3955EF9F-6E07-4DBC-A09A-26C61426354B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACGWIE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z015&form=ZGAIDFIE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "https://www.google.com/"FF - prefs.js..extensions.enabledAddons: [email protected]:6.0.1367FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.9.20130409112616FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550FF - prefs.js..extensions.enabledItems: {6D2042EE-B4EB-4375-93F2-07DF2D8B7643}:1.9.1FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF - 
HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/19 15:09:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/11 14:17:32 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/11/04 00:52:05 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fast Free Converter\FastFreeConverter\[email protected] - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/09 01:56:20 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/11 14:18:56 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012/08/11 14:17:12 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6D2042EE-B4EB-4375-93F2-07DF2D8B7643}: C:\Users\Christopher\AppData\Local\{6D2042EE-B4EB-4375-93F2-07DF2D8B7643} [2011/04/22 20:37:00 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Consumer Input\Firefox\srcFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/09 01:56:20 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program 
Files\Mozilla Firefox\plugins [2012/08/11 14:18:56 | 000,000,000 | ---D | M] [2009/10/24 15:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Extensions[2013/07/01 23:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pwwscfuq.default\extensions[2013/07/01 14:53:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\pwwscfuq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}[2012/07/14 00:00:10 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\pwwscfuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi[2012/11/06 15:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012/11/06 15:55:32 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected][2012/08/20 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\content[2012/08/20 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults[2011/12/19 15:09:04 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF[2012/08/09 01:56:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2012/08/11 14:17:01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll[2012/07/12 18:24:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012/07/12 18:24:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\pdf.dllCHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dllCHR - plugin: 2007 
Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLLCHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dllCHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dllCHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dllCHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllCHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dllCHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dllCHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dllCHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\CHR - Extension: Gmail = C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O3 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)O4 - HKLM..\Run: [Easy Dock] File not foundO4 - HKLM..\Run: [eRecoveryService] File not foundO4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe (Ulead Systems, Inc.)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)O4 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)O4 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)O4 - HKU\S-1-5-21-3185870392-4161843172-2390803151-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)O4 - Startup: C:\Users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Christopher\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI 
RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01136FEC-11DB-4344-825E-BA7EAC1C34C1}: DhcpNameServer = 192.168.2.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D35DFD45-9571-461C-B04C-F113D990CC8A}: DhcpNameServer = 192.168.2.1O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O24 - Desktop WallPaper: C:\Users\Christopher\Desktop\164(2).JPGO24 - Desktop BackupWallPaper: C:\Users\Christopher\Desktop\164(2).JPGO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | 
---- | M] () - C:\autoexec.bat -- [ NTFS ]O33 - MountPoints2\{0a06b8b9-f4d7-11de-9382-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{0a06b8b9-f4d7-11de-9382-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO33 - MountPoints2\{13c05a23-2966-11df-bdbd-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{13c05a23-2966-11df-bdbd-00e0b8e93bef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -aO33 - MountPoints2\{24e94a57-f95e-11e1-9204-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{24e94a57-f95e-11e1-9204-00e0b8e93bef}\Shell\AutoRun\command - "" = F:\setup.exe -aO33 - MountPoints2\{95cdd317-bf5c-11de-a592-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbassistant.exeO33 - MountPoints2\{95cdd317-bf5c-11de-a592-00e0b8e93bef}\Shell\open\command - "" = E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usbassistant.exeO33 - MountPoints2\{d9572b2e-236d-11df-8077-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\MSMSGS.EXEO33 - MountPoints2\{f580654e-014e-11e0-90e5-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{f580654e-014e-11e0-90e5-00e0b8e93bef}\Shell\AutoRun\command - "" = E:\KODAK_Software_Downloader.exeO33 - MountPoints2\{fbcc72b2-c19c-11e1-8d2c-00e0b8e93bef}\Shell - "" = AutoRunO33 - MountPoints2\{fbcc72b2-c19c-11e1-8d2c-00e0b8e93bef}\Shell\AutoRun\command - "" = F:\setup.exe -aO34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/07/01 23:48:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.com[2013/07/01 23:36:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/07/01 23:36:40 | 
000,000,000 | ---D | C] -- C:\JRT[2013/07/01 23:23:54 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Christopher\Desktop\JRT.exe[2013/07/01 15:15:29 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Christopher\Desktop\aswMBR.exe[2013/06/30 20:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Provocraft[2013/06/30 20:55:28 | 000,000,000 | ---D | C] -- C:\Users\Christopher\AppData\Roaming\com.cricut.Cricut-CraftRoom[2013/06/30 20:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cricut-Craft Room ========== Files - Modified Within 30 Days ========== [2013/07/01 23:49:08 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2013/07/01 23:49:08 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2013/07/01 23:48:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.com[2013/07/01 23:43:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/07/01 23:43:27 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job[2013/07/01 23:43:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml[2013/07/01 23:43:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2013/07/01 23:43:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2013/07/01 23:43:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/07/01 23:43:03 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys[2013/07/01 23:24:49 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Christopher\Desktop\JRT.exe[2013/07/01 23:21:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/07/01 23:12:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/07/01 16:19:39 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job[2013/07/01 16:01:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/01 15:47:34 | 000,000,512 | ---- | M] () -- C:\Users\Christopher\Desktop\MBR.dat[2013/07/01 15:21:43 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/07/01 15:21:33 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Christopher\Desktop\aswMBR.exe[2013/06/30 20:55:18 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Cricut-Craft Room.lnk[2013/06/30 20:39:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe[2013/06/30 20:39:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013/07/01 16:01:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/01 15:47:34 | 000,000,512 | ---- | C] () -- C:\Users\Christopher\Desktop\MBR.dat[2013/06/30 20:55:18 | 000,000,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricut-Craft Room.lnk[2013/06/30 20:55:18 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Cricut-Craft Room.lnk[2011/04/22 20:37:02 | 000,000,000 | ---- | C] () -- C:\Users\Christopher\AppData\Local\Yjebowelijosifad.bin[2011/04/22 20:37:01 | 000,000,120 | ---- | C] () -- C:\Users\Christopher\AppData\Local\Wcocipejoxiredox.dat[2009/10/22 18:36:44 | 000,020,992 | ---- | C] () -- C:\Users\Christopher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/10/22 18:34:37 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini ========== ZeroAccess 
Check ========== [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2010/07/26 11:51:48 | 011,584,512 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both ========== LOP Check ========== [2009/12/30 21:09:42 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\BudgetExpress 3[2010/04/19 13:47:24 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Canon[2013/06/30 20:55:28 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\com.cricut.Cricut-CraftRoom[2011/02/09 17:26:54 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\FrostWire[2010/09/13 15:02:29 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Hoyle FaceCreator[2012/07/12 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Hoyle Puzzle and Board Games[2012/11/29 01:29:41 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\IMVU[2012/11/04 00:43:30 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\IMVUClient[2012/08/11 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\MusicOasis[2011/10/31 21:06:03 | 000,000,000 | ---D | M] 
-- C:\Users\Christopher\AppData\Roaming\ooVoo Details[2012/11/03 20:17:19 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\RoboForm[2011/12/19 13:58:42 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Sammsoft[2013/07/01 23:44:39 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\uTorrent[2011/10/29 10:33:46 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\W Photo Studio[2010/07/17 15:51:01 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\W Photo Studio Viewer[2010/07/17 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\Walgreens[2010/08/20 19:04:10 | 000,000,000 | ---D | M] -- C:\Users\Christopher\AppData\Roaming\WeatherBug ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 7/1/2013 11:51:02 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christopher\DesktopWindows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18975)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.63% Memory free4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.64% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 101.79 Gb Total Space | 57.16 Gb Free Space | 56.15% Space Free | Partition Type: NTFS Computer Name: ALLISONPC | User Name: Christopher | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft 
Corporation).hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- C:\Program Files\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center 
Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = Reg Error: Unknown registry data type -- File not found"VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{05B8AA24-1A1F-4493-B289-9520F655202D}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | "{06696D6B-FE7E-4D84-9A34-2228CEE3A676}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | "{170E644C-A2B3-4197-9CD4-66825187251B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{18D7E47A-0EB3-437F-A829-B9C815915A35}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{22138FD1-FC9F-460B-858D-DA8D1D2CA9CA}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | "{238C22BC-6B1C-4363-9CB4-05AB65E15287}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2B2E2F3D-A98A-430C-88D9-57EE7B1E90A6}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | "{2F4B9519-FC7D-404B-A8F4-AA5B256E84AF}" = rport=139 | protocol=6 | dir=out | app=system | "{2F6729A6-C7FF-412A-A9B5-354C7AFF583E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{30C72D2F-D682-49DE-9B53-E043E4629A88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3AFDD445-56E7-47AD-9B85-980F6DB6B873}" = rport=137 | protocol=17 | dir=out | app=system | "{3D8A3FF2-BE95-4C2D-A3C5-A56747207357}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D329ED2-FD35-4298-AAEE-186E8E9A4863}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{78BC0921-4FB9-4946-9FDA-B55FC9725783}" = rport=138 | protocol=17 | dir=out | app=system | "{83447CFC-333E-468D-B2C2-79B3B0ABE855}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{906BCF71-D762-4D75-9E8E-7EEE94846D5F}" = lport=139 | protocol=6 | dir=in | app=system | "{99CF1051-3312-4CBC-8577-187F03F58975}" = lport=138 | protocol=17 | dir=in | app=system | "{B23C3990-E871-47D7-923A-F7A47E8BE0E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BD9FDF87-3F73-409F-A1BA-4D9A453EDC76}" = lport=445 | protocol=6 | dir=in | app=system | "{CA284688-3F2D-4E48-A868-3D4A63C29F13}" = lport=137 | protocol=17 | dir=in | app=system | "{D04C6589-006A-404B-AAD1-575AEC2F87E4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F6FB9C5B-01BF-45E9-AAA4-0BE4B6BA1B16}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F77D54ED-C0B6-4DA2-AEE8-B701835164F8}" = lport=2869 | protocol=6 | dir=in | app=system | "{FD826A57-4DBA-41DF-B7DF-7478954398E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{FE6E37CC-E46E-4950-B7B4-F480BECAF117}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | "{FF4BCBD3-59E2-402B-9358-B0DB34D26D16}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0A16CF3D-18C4-4529-92D5-CA8C5B3F56CD}" = protocol=58 | dir=in | [email protected],-28545 | "{0B0150AE-D223-456B-B405-667B8BD90DEF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{141A4C59-F777-4AF4-A471-548681FF4D61}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{16A76FEA-A909-45AD-9706-1620B40F99FC}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{3737F6C7-2A0F-40DB-8C8A-F7BFBAA267E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39C558C2-94A1-4EAC-A4F7-CBF9A09CAE85}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{3BBA2850-F1CB-4876-B233-12B3EA99FCB7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{42BC205F-0DC4-410A-99D4-49ABFC93E517}" = protocol=1 | dir=out | [email protected],-28544 | "{54D5F87B-1AFD-468B-9DC0-CF7E71D929D7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{5AB081A2-04A8-4778-8588-FE4914AC6582}" = protocol=1 | dir=in | [email protected],-28543 | "{782E0702-16FF-47CB-BBCE-CF62C19A0533}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{7F34E647-04C7-425E-8CFD-3B617C2FE57A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{86C75B14-C5CD-4219-A54A-A1771D30AF3D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8F05708E-73ED-4EBA-8D43-832B3C8805AC}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{93720019-60A3-46A4-B333-6FA5BDFD3772}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{9CC71714-6A32-4BD8-B0A2-62B8F54F2CBA}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{9D0F472F-7C13-4B10-8D23-333FF48CABCB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{A357F0D9-6967-49F0-B63F-8F9B0F2EB0D6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{AE215C4F-7589-4E67-9A50-5D8ABAEF51B4}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{B8AB99F2-222F-4F4A-9A08-E20DF6865288}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BAF97DD7-8683-4687-97F4-E12E2EA74ECA}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{BE28A2AB-52B5-4D54-AB77-3D33DCE5F984}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BE86BE8F-89FD-48B8-B540-8DCD952510C0}" = protocol=58 | dir=out | [email protected],-28546 | "{C328066E-2B40-4A1B-8221-C11BB4FB3F9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E6EDBC03-C86E-438A-ADBC-E0BEA28ED3F8}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{F614F23C-F653-4DBE-B7C1-90148789ACE6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{FA25FF20-33CA-48E0-949F-3FFEF82ED9AD}" = dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{1912B191-34C5-468C-AEE3-6CA8E635857E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{3477BC3E-1E05-4B5D-959B-6A7DB5E23CE9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{549454E8-3C03-4B5A-AD9B-EDAF19835F21}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "TCP Query User{58571D07-5824-4765-8792-BD1E2B8CD7A3}C:\program 
files\cricut-craft room\ccrbridge.exe" = protocol=6 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe | "TCP Query User{6693F4C3-6D6B-4CBA-810A-9E5DB2B77110}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{B6FA7940-3D79-42CC-B77C-E6742545B491}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{D0E3BA64-E9D2-410B-8CB7-90A44214981E}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{F58BD15D-7245-4108-8FBC-F82A17DC2BE5}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{0555CB79-B612-4240-8137-24E49D854914}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{2A140609-6FFD-4D8F-8F74-C4B906CB2EF2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{35804B98-29CD-4BE3-B70F-4207A1087CFB}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "UDP Query User{5FC16C7F-BF14-4EEA-A93C-EBCFA1DC3C48}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{7F6EE1E9-336F-40CD-B553-0C2B213E3B7F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{A81A9171-8CFC-4AF1-B2B4-88036DEA9063}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{C0E6D71B-691F-4D13-9D67-F24DAEECF822}C:\windows\explorer.exe" = protocol=17 | dir=in | 
app=c:\windows\explorer.exe | "UDP Query User{C81CC194-2D69-4540-B57A-96E2C7AF2491}C:\program files\cricut-craft room\ccrbridge.exe" = protocol=17 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes"{6FB3A94A-CAA8-4A7B-8E1D-CBB34A5E5FB8}" = KODAK Share Button App"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime"{77E912CE-6396-45B8-90C0-DF402B3D7566}" = BudgetExpress 3"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery 
Management"{856480C9-2428-15E1-97BC-685EE2A7B8E6}" = MusicOasis"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 
2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata 
MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0"{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}" = SavetheChildren Reminder by We-Care.com v4.1.18.4"{C99E1908-FDFE-8B4D-2E14-E836ECC4D880}" = Cricut Craft Room®"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CF404C21-47EB-4FA5-B920-91746874ED43}" = Ulead Photo Express My Scrapbook 2.0"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}" = Hoyle Puzzle and Board Games"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 
11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"Agere Systems Soft Modem" = Agere Systems HDA Modem"AI RoboForm" = RoboForm 7-8-3-5 (All Users)"avast" = avast! Free Antivirus"CK Creative Clips and Fonts All Occasions Combo" = CK Creative Clips and Fonts All Occasions Combo"com.cricut.Cricut-CraftRoom" = Cricut Craft Room®"Cricut Driver v2.01" = Cricut Driver v2.01"Cricut DesignStudio" = Cricut DesignStudio"ENTERPRISER" = Microsoft Office Enterprise 2007"Fast Free Converter" = Fast Free Converter"Font Commander_is1" = Font Commander 1.1"FrostWire 5" = FrostWire 5.3.8"Google Chrome" = Google Chrome"Graboid Video" = Graboid Video 3.1"HDMI" = Intel® Graphics Media Accelerator Driver"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Money2007b" = Microsoft Money Essentials"Monopoly Here & Now Edition" = Monopoly Here & Now Edition"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)"Mozilla Sunbird (0.5)" = Mozilla Sunbird (0.5)"MozillaMaintenanceService" = Mozilla Maintenance Service"MusicOasis" = MusicOasis"NSS" = Norton Security Scan"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008"RealPlayer 15.0" = RealPlayer"SynTPDeinstKey" = Synaptics Pointing Device Driver"uTorrent" = µTorrent"VLC media player" = VLC media player 1.0.1"WeddingFonts1.2" = WeddingFonts"WildTangent gateway Master Uninstall" = Gateway Games"Yahoo! Companion" = Yahoo! Toolbar"Yahoo! Messenger" = Yahoo! Messenger"Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3185870392-4161843172-2390803151-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Consumer Input Firefox Extension" = Consumer Input Firefox Extension (remove only)"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software"RivalGaming" = RivalGaming ========== Last 20 Event Log Errors ========== [ OSession Events ]Error - 5/8/2011 3:22:42 PM | Computer Name = AllisonPC | Source = Microsoft Office 12 Sessions | ID = 7001Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ]Error - 7/1/2013 11:43:57 PM | Computer Name = AllisonPC | Source = ACPI | ID = 327693Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error - 7/1/2013 11:44:49 PM | Computer Name = AllisonPC | Source = Service Control Manager | ID = 7000Description = Error - 7/1/2013 11:44:49 PM | Computer Name = AllisonPC | Source = Service Control Manager | ID = 7000Description = < End of report >
  3. I'm going to be honest here, I put this in Malware Removal but I honestly have no idea how bad this machine has it but there is definitely something wrong. Avast was completely disabled before I started taking a look at the laptop. Very slow loading for everything (for a 2GHz dual core with 2GB of RAM). Download speeds for files (tested with Wi-Fi only) are abysmal and do not get any faster than 50KB/s max. The homepage is set to a search engine at search.conduit.com. Inability to access task manager and other utilities. Running Avast before this yielded 8 infected files in the initial scan and an additional infected file in a boot scan. And Avast brings up the blocked URL threat detected window every 5-25 minutes.

Adw Cleaner

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 15:09:10# Updated 08/06/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : Christopher - ALLISONPC# Boot Mode : Normal# Running from : C:\Users\Christopher\Downloads\adwcleaner.exe# Option [search] ***** [services] ***** Found : DefaultTabUpdate ***** [Files / Folders] ***** File Found : C:\ENDFile Found : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xmlFile Found : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\extensions\[email protected] Found : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\extensions\[email protected] Found : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\searchplugins\Askcom.xmlFile Found : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\searchplugins\search-here.xmlFile Found : C:\Users\Public\Desktop\PC Optimizer Pro.lnkFile Found : C:\Windows\tasks\PC Optimizer Pro Updates.jobFolder Found : C:\Program Files\Ask.comFolder Found : C:\Program Files\ConduitFolder Found : C:\Program Files\CrawlerFolder Found : C:\Program Files\Free Offers from Freeze.comFolder Found : C:\Program 
Files\PC Optimizer ProFolder Found : C:\Program Files\uTorrentControl2Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer ProFolder Found : C:\ProgramData\PC Optimizer ProFolder Found : C:\ProgramData\WeCareReminderFolder Found : C:\Users\CHRIST~1\AppData\Local\Temp\AskSearchFolder Found : C:\Users\CHRIST~1\AppData\Local\Temp\OpenCandyFolder Found : C:\Users\Christopher\AppData\Local\ConduitFolder Found : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcFolder Found : C:\Users\Christopher\AppData\Local\OpenCandyFolder Found : C:\Users\Christopher\AppData\LocalLow\AskToolbarFolder Found : C:\Users\Christopher\AppData\LocalLow\ConduitFolder Found : C:\Users\Christopher\AppData\LocalLow\PriceGongFolder Found : C:\Users\Christopher\AppData\LocalLow\uTorrentControl2Folder Found : C:\Users\Christopher\AppData\Roaming\DefaultTabFolder Found : C:\Users\Christopher\AppData\Roaming\OpenCandyFolder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Found : HKCU\Software\APNKey Found : HKCU\Software\AppDataLow\Software\AskToolbarKey Found : HKCU\Software\AppDataLow\Software\CompeteIncKey Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\DefaultTabKey Found : HKCU\Software\AppDataLow\Software\PriceGongKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\uTorrentControl2Key Found : HKCU\Software\AppDataLow\ToolbarKey Found : HKCU\Software\Ask.comKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Default TabKey Found : HKCU\Software\DefaultTabKey Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key 

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18975

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\pwwscfuq.default\prefs.js

-\\ Google Chrome v23.0.1271.91

File : C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [22992 octets] - [01/07/2013 15:09:10]

########## EOF - C:\AdwCleaner[R1].txt - [23053 octets] ##########

aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-01 15:36:20
-----------------------------
15:36:20.636 OS Version: Windows 6.0.6002 Service Pack 2
15:36:20.637 Number of processors: 2 586 0xF0D
15:36:20.638 ComputerName: ALLISONPC UserName:
15:36:21.427 Initialize success
15:36:22.064 AVAST engine defs: 12120200
15:36:30.452 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:36:30.455 Disk 0 Vendor: ST912081 3.AA Size: 114473MB BusType: 3
15:36:30.598 Disk 0 MBR read successfully
15:36:30.601 Disk 0 MBR scan
15:36:30.604 Disk 0 unknown MBR code
15:36:30.614 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
15:36:30.627 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 104232 MB offset 20973568
15:36:30.633 Disk 0 scanning sectors +234440704
15:36:30.811 Disk 0 scanning C:\Windows\system32\drivers
15:36:38.448 Service scanning
15:36:55.667 Modules scanning
15:37:01.264 Disk 0 trace - called modules:
15:37:01.319 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:37:01.325 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85beaac8]
15:37:01.330 3 CLASSPNP.SYS[881ac8b3] -> nt!IofCallDriver -> [0x8406a8d0]
15:37:01.336 5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84078030]
15:37:01.828 AVAST engine scan C:\Windows
15:37:04.059 AVAST engine scan C:\Windows\system32
15:39:07.937 AVAST engine scan C:\Windows\system32\drivers
15:39:33.756 AVAST engine scan C:\Users\Christopher
15:46:01.089 AVAST engine scan C:\ProgramData
15:47:34.474 Disk 0 MBR has been saved successfully to "C:\Users\Christopher\Desktop\MBR.dat"
15:47:34.484 The log file has been saved successfully to "C:\Users\Christopher\Desktop\aswMBR.txt"

Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.01.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18975
Christopher :: ALLISONPC [administrator]

7/1/2013 4:18:29 PM
mbam-log-2013-07-01 (16-18-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212949
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\Christopher\AppData\Local\c2c831f9\X -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Christopher\AppData\Local\SysWow64\msoft32.exe (Trojan.Agent.EXTX) -> Quarantined and deleted successfully.
C:\Users\Christopher\Local Settings\Temporary Internet Files\Content.IE5\C3X9XGWE\nuokIN[1] (Trojan.Agent.EXTX) -> Quarantined and deleted successfully.

(end)