Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow computer


  • Please log in to reply

#1
Ksunshine

Ksunshine

    New Member

  • Member
  • Pip
  • 7 posts
Hi, I recently downloaded some music and my computer has started to become very slow. My weather desktop icon takes forever to load with the current temperature, when it use to pop right up. My internet browser takes forever to pop up after clicking it. Also, I've been seeing the spinning (busy) icon a lot because things are not responding like mozilla. Thank you, Please help! I followed the instructions and used the OTL and the following is the report that was given:

OTL logfile created on: 8/14/2012 5:46:33 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Owner\Favorites\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 23.80% Memory free
8.21 Gb Paging File | 5.00 Gb Available in Paging File | 60.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.58 Gb Total Space | 92.52 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
Drive D: | 291.59 Gb Total Space | 291.49 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Favorites\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\c477bbff1e4662263255a1bf17bd9c2a\System.Windows.Input.Manipulations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (SBAMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
SRV - (SBPIMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\Drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (GFI Software)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\DRIVERS\sbwtis.sys (GFI Software)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\DRIVERS\sbapifs.sys (GFI Software)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys (GFI Software)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\DRIVERS\sbfwim.sys (GFI Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (RapportCerberus_42020) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys ()
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_x1700
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...tC&cr=259155398
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tC&cr=259155398
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....s}&locale=en_US
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tC&cr=259155398
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...&rlz=1I7ACAW_en
IE - HKCU\..\SearchScopes\{F06A6441-27EE-42C8-A2F0-D52DFCC312DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F8DAD3E4-A2EC-47E4-9805-9D9693B24F50}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/01 22:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 17:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/09 17:12:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files (x86)\Google\Google Photos Screensaver\FF_ext [2009/03/27 12:46:39 | 000,000,000 | ---D | M]

[2010/03/23 17:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/03/23 17:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/13 15:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions
[2012/05/11 21:21:51 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/24 10:23:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(611)
[2009/12/29 19:02:30 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2012/05/21 14:40:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/06 10:55:00 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/07/09 15:45:12 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}(40)
[2012/06/28 16:44:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/06/24 10:23:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected](610).beard
[2011/06/16 18:04:41 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected]
[2012/08/06 11:38:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected]
[2009/10/16 20:04:39 | 000,002,186 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\searchplugins\bing.xml
[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\searchplugins\conduit.xml
[2011/08/11 15:45:44 | 000,005,423 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\searchplugins\Foxtab Web Search.xml
[2012/07/09 17:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/15 14:42:00 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZX8T27D.DEFAULT\EXTENSIONS\[email protected]
[2011/06/01 20:20:36 | 000,310,942 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZX8T27D.DEFAULT\EXTENSIONS\[email protected]
[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/12/23 23:02:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaandgknhidclennijgnchhaiefkmch\7.15.4.24146_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AT_AgathaRuizdelaPrada = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm\2\
CHR - Extension: uTorrentControl2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/13 15:11:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{837B3148-6FB2-41B5-B954-E8C54E2A8FF4}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C163FDE0-3634-4EAC-8584-85130DD122FA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 17:07:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/13 15:22:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/08/06 19:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/08/06 19:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/08/06 19:45:10 | 000,061,184 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/08/06 19:44:34 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/08/06 19:44:33 | 000,258,304 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/08/06 19:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/08/06 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/08/06 19:43:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GFI Software
[2012/08/06 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/08/06 11:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/08/06 11:03:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2012/08/06 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Vid-Saver
[2012/08/06 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vid-Saver
[2012/08/06 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 18:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-297246481-326183896-2051262528-1000UA.job
[2012/08/14 17:50:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 17:34:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 17:34:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/14 17:34:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-297246481-326183896-2051262528-1000Core.job
[2012/08/14 17:33:44 | 000,119,513 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/08/14 17:33:40 | 000,119,513 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/08/14 17:33:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 08:04:33 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 08:04:33 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 20:04:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/08/13 20:04:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/13 20:04:25 | 000,375,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/13 15:11:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/11 14:58:00 | 000,777,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/11 14:58:00 | 000,655,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/11 14:58:00 | 000,124,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/09 21:06:35 | 000,329,893 | ---- | M] () -- C:\Users\Owner\Documents\collegebook renter.xps
[2012/08/06 19:47:27 | 000,001,942 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VIPRE Internet Security.lnk
[2012/08/06 11:04:50 | 000,000,810 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/31 14:49:50 | 000,000,976 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 21:06:32 | 000,329,893 | ---- | C] () -- C:\Users\Owner\Documents\collegebook renter.xps
[2012/08/06 19:47:27 | 000,001,942 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VIPRE Internet Security.lnk
[2012/08/06 11:04:50 | 000,000,810 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/31 14:49:50 | 000,000,976 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/03 20:43:50 | 000,711,240 | ---- | C] () -- C:\Windows\is-6554D.exe
[2011/08/10 16:03:03 | 000,001,500 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/01 19:00:59 | 000,792,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/25 23:49:57 | 000,000,346 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/05/26 12:35:31 | 000,119,513 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/26 12:35:21 | 000,119,513 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/26 12:13:46 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/05/26 11:54:36 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2010/03/15 17:32:24 | 000,019,850 | ---- | C] () -- C:\Users\Owner\AppData\Local\slot1.mm1
[2010/02/24 11:34:22 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2009/12/03 21:07:57 | 000,024,088 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/03/26 19:58:32 | 000,014,848 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/06/03 15:38:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ace
[2009/02/05 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer
[2009/03/13 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer GameZone Console
[2012/01/29 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ArcVP
[2009/10/27 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Big Fish Games
[2009/04/23 18:02:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/06 14:49:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EPSON
[2009/03/29 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\eSobi
[2010/09/06 09:30:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fighters
[2009/10/27 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FloodLightGames
[2009/11/14 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gaijin Ent
[2010/03/16 16:54:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gamelab
[2012/08/06 19:43:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GFI Software
[2010/03/16 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010/03/09 17:49:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gogii Games
[2010/03/15 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin
[2009/02/05 16:48:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/01/23 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\McGraw-HillLicensing
[2010/04/05 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ML
[2010/03/18 13:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Games
[2012/08/06 11:25:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OnlineArmor
[2009/08/30 10:42:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2010/06/04 07:50:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2009/12/03 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2010/03/17 20:48:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2010/01/23 09:45:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProtectDisc
[2012/08/13 17:53:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2011/06/01 16:28:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2010/03/09 17:27:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Super-Cow
[2010/10/25 23:49:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/03/23 17:09:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2010/04/30 09:03:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Trusteer
[2010/04/26 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
[2012/08/14 18:17:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/05/31 17:52:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2012/08/13 20:03:25 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3F9A3DFF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EBFD4E6F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:250A84D5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EB3AF287
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FF23EFF2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D29B16C5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3C6E4889
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:40464012
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07A0D262
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:38337420
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F3E112E0
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C4B264B5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B8F8512D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:172B8774
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:09A43FB1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5C462DAE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DA23AD9A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6DA18708
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4BFE8B22
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4A74A9A7
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4290D685
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9BAFBDA0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:30E8F700
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FE29FBBF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FE53E4F7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:86B23CB4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:17927369
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:773DA865
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:2B99FE60

< End of report >

OTL Extras logfile created on: 8/14/2012 5:46:33 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Owner\Favorites\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 23.80% Memory free
8.21 Gb Paging File | 5.00 Gb Available in Paging File | 60.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.58 Gb Total Space | 92.52 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
Drive D: | 291.59 Gb Total Space | 291.49 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 7B 45 A1 3F 99 39 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AE82C5C-E944-45B5-89C5-5647AAB1A81E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C7BD6B9C-6838-4BDA-9683-F2542F6C5D82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFD618CB-585D-497F-998B-F0B0076EED7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F3EE7A27-1046-4DA0-8A7F-59AE177E68FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01781356-2522-4A77-BE29-D1AE57193501}" = protocol=17 | dir=in | app=c:\users\owner\combat arms\nmservice.exe |
"{04A52BED-B898-4E2B-AF13-D1E84FDC4B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{0F95DA41-7BF5-43AD-A581-3B8F967334DE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1668E2CF-BBE3-4A2A-922B-9268236D8434}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{1DA4DF50-7A05-409D-BA6B-03E28E26184D}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{1DB88665-1E18-41BB-BEFC-3CA0B187D0D0}" = protocol=58 | dir=out | [email protected],-203 |
"{1F890090-52D8-4D2E-870A-E2F0B1EEDA82}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2FDC4712-0070-4C45-B27B-7328262E6169}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{31DC956A-5FBB-454C-A648-7458A7E99237}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{380305B0-7B23-418B-9D7E-D1ABF426CE83}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F05FA66-0FAF-444B-A077-49822DAC8322}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5049B2FE-261E-42E6-90FE-6D9358A31028}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5A516DC0-C83C-4F92-91EF-4A21F674CACD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{60A5F4A5-5D3F-44FB-B485-541C3A893C51}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6FADE3B4-DBF8-4F3D-91DD-F7A32A087BA6}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{743D8FE1-0953-4A9A-BF80-26A5E88361EA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{74B0972F-DE31-4AE5-B29F-86B9F046E147}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{75C296CF-0AD4-47E8-A008-5F82604D1AD7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7643B6C0-1B9E-482D-93BE-F0547AC92F6A}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{7F05F8C9-C59E-4115-917C-28660801B211}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8B2D6748-9520-4FDC-A824-E2187F290785}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{8CB91948-6C3F-40BA-8BC6-A3DAAA3394F1}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{94B00D51-AAFF-484A-A6EA-AC69F9376F8B}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{951E6639-C9F5-4DCC-AF59-7FB313285A95}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9E2EF6CA-A204-42E0-BA8A-8D1D773BAECD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A092596C-49C7-43A9-BB8D-91927551E4EC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3EE557F-F25E-48D4-816F-DCC98A31A546}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{A8B00F72-40AF-489A-8012-676A1406B88F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA79948C-41E7-4988-BEB4-A42F697DB896}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AB77AFF3-2463-4364-B83B-FC34CC1F67C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{ADB4489C-DCFF-47CE-9F39-90954D6A188D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B210854B-3AAD-4C22-B6CE-60036938A56F}" = protocol=6 | dir=in | app=c:\users\owner\combat arms\nmservice.exe |
"{C5DDF33C-217B-4EB2-8BE3-90BEA6FF2BAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE03CC5B-9061-4C40-AF7E-7468034587F7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{D354E72A-C412-4C0A-927A-98DE05EE8DDB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D4288692-7C3D-4D23-BBF5-39FD6A28DE8E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D6ECAA16-3D32-4E90-874B-A687F0686A54}" = protocol=58 | dir=in | app=system |
"{EAE9D013-EC6C-4D68-A944-321CEE09B288}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{F042D123-C7C6-4813-9034-DBCA5F2EA3EB}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{F38D0A6F-F457-4AF5-B0A8-01F32F118FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{F55BEE00-276C-4F9F-B76C-6504B7B3C514}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F74F06A6-4D22-48BE-AEEC-B4E7562BA324}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FAADB008-A78E-402C-8129-3F129A23DE75}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{92BAB116-9814-4753-AC94-086EBCE09A31}C:\users\owner\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\users\owner\combat arms\engine.exe |
"TCP Query User{A250454E-317B-4619-AEA0-DE4746AB756D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B9E3DB6D-18A6-491A-B254-7B86A60AA1B3}C:\users\owner\appdata\local\temp\pyld54a.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\pyld54a.tmp\pyrun.exe |
"TCP Query User{DF64359C-1B85-4E39-B481-0A063C5E0057}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{EF440ABB-07AB-462E-83D3-131D60292B8F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{F23A828E-0857-4D76-8FA4-C4C27DCDE45E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{09E7766F-497B-4D6D-BF83-62F82EE0EAB2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{21BBC452-CCF8-428E-9DF3-65113B12EA42}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{792A2B2C-A119-49F7-ABAF-9600217EBC60}C:\users\owner\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\users\owner\combat arms\engine.exe |
"UDP Query User{798A0967-AA4B-47D7-8291-3CFBD34CE9AA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{DBEFAAB2-C2E1-4BF5-9E43-EC2ABF77C1A1}C:\users\owner\appdata\local\temp\pyld54a.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\pyld54a.tmp\pyrun.exe |
"UDP Query User{F17F6CEA-4046-4036-B065-23124FF6177F}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19639A51-FCC5-40BA-9F07-D8292A07249B}" = VirtualCom driver
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8B2C435-8737-431E-8784-24CD13B0B821}" = PE585QAEncoder-64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C62B23-9336-4AF2-8DD4-BBDBE599DD76}" = Google Photos Screensaver
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EAEB0A6-582A-490B-B075-D837677365C2}" = 2WIREUSBWLANInstaller
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83BF64AF-208C-4D29-AD00-971A8FFC59F8}" = VIPRE Internet Security
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Internet Security
"{C3FAEA0F-82B6-45E2-9A3D-4E49BE6C9451}" = MSN Toolbar Platform
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E52B1B-9905-469A-B8CD-399FDFA98873}" = MIT MathML Fonts 1.0
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6D9C5C7-88DF-486C-9BFC-DF8C4D5D1FAF}" = ArcSoft MediaImpression for Kodak
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Arms" = Combat Arms
"Disney Toontown Online" = Disney Toontown Online
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rapport_msi" = Rapport
"RealPlayer 15.0" = RealPlayer
"SnapNShare" = Snap 'n Share Pro
"SpywareBlaster_is1" = SpywareBlaster 4.6
"The Weather Channel App" = The Weather Channel App
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"Video Express_is1" = VideoExpress1.0
"Vid-Saver" = Vid-Saver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"ActiveTouchMeetingClient" = WebEx
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2011 10:18:33 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6287

Error - 2/15/2011 7:04:58 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/15/2011 9:33:50 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 9:33:50 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1139

Error - 2/15/2011 9:33:50 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1139

Error - 2/15/2011 6:51:07 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/15/2011 6:51:07 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/15/2011 6:51:16 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/15/2011 6:51:36 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/16/2011 12:56:42 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 4/13/2011 1:21:21 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/2/2011 3:17:18 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/14/2011 7:30:06 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/14/2011 7:30:28 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/5/2011 8:32:43 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/26/2011 5:29:23 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/6/2011 11:36:45 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/25/2011 8:31:55 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/5/2011 7:16:46 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/9/2011 8:15:32 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/7/2009 7:02:52 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
Description =

Error - 6/8/2009 11:22:52 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
Description =

Error - 6/8/2009 8:10:53 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
Description =

Error - 6/9/2009 10:04:28 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
Description =

Error - 6/10/2009 1:04:07 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
Description =

Error - 6/10/2009 11:28:50 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 6/10/2009 1:07:35 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 6/10/2009 1:07:35 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/10/2009 1:07:35 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/10/2009 6:09:30 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10000
Description =


< End of report >
  • 0

Advertisements


#2
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
Ksunshine

Ksunshine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the requested data.
Thank you so much!
OTL logfile created on: 8/19/2012 1:59:35 PM - Run 2
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Owner\Favorites\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 32.06% Memory free
8.20 Gb Paging File | 5.44 Gb Available in Paging File | 66.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.58 Gb Total Space | 96.08 Gb Free Space | 33.18% Space Free | Partition Type: NTFS
Drive D: | 291.59 Gb Total Space | 291.49 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Favorites\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\c477bbff1e4662263255a1bf17bd9c2a\System.Windows.Input.Manipulations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBAMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
SRV - (SBPIMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\Drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (GFI Software)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\DRIVERS\sbwtis.sys (GFI Software)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\DRIVERS\sbapifs.sys (GFI Software)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys (GFI Software)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\DRIVERS\sbfwim.sys (GFI Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (RapportCerberus_42020) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys ()
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...&m=aspire_x1700
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...tC&cr=259155398
IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tC&cr=259155398
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....s}&locale=en_US
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...tC&cr=259155398
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...&rlz=1I7ACAW_en
IE - HKCU\..\SearchScopes\{F06A6441-27EE-42C8-A2F0-D52DFCC312DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F8DAD3E4-A2EC-47E4-9805-9D9693B24F50}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/01 22:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/09 17:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 17:57:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files (x86)\Google\Google Photos Screensaver\FF_ext [2009/03/27 12:46:39 | 000,000,000 | ---D | M]

[2010/03/23 17:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/03/23 17:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/13 15:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions
[2012/05/11 21:21:51 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010/06/24 10:23:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(611)
[2009/12/29 19:02:30 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2012/05/21 14:40:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/06 10:55:00 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/07/09 15:45:12 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}(40)
[2012/06/28 16:44:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/06/24 10:23:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected](610).beard
[2011/06/16 18:04:41 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected]
[2012/08/06 11:38:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected]
[2009/10/16 20:04:39 | 000,002,186 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\searchplugins\bing.xml
[2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\searchplugins\conduit.xml
[2011/08/11 15:45:44 | 000,005,423 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\searchplugins\Foxtab Web Search.xml
[2012/07/09 17:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/15 14:42:00 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZX8T27D.DEFAULT\EXTENSIONS\[email protected]
[2011/06/01 20:20:36 | 000,310,942 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZX8T27D.DEFAULT\EXTENSIONS\[email protected]
[2012/06/14 17:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/12/23 23:02:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaandgknhidclennijgnchhaiefkmch\7.15.4.24146_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AT_AgathaRuizdelaPrada = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm\2\
CHR - Extension: uTorrentControl2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/13 15:11:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{837B3148-6FB2-41B5-B954-E8C54E2A8FF4}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C163FDE0-3634-4EAC-8584-85130DD122FA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 17:56:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/13 17:07:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/13 15:22:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/08/06 19:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/08/06 19:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/08/06 19:45:10 | 000,061,184 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/08/06 19:44:34 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2012/08/06 19:44:33 | 000,258,304 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2012/08/06 19:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/08/06 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/08/06 19:43:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GFI Software
[2012/08/06 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/08/06 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Vid-Saver
[2012/08/06 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vid-Saver
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 14:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-297246481-326183896-2051262528-1000UA.job
[2012/08/19 13:50:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 13:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/19 13:12:30 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/19 13:12:26 | 000,119,513 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/08/19 13:12:21 | 000,119,513 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/08/19 13:12:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/19 07:00:04 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 07:00:04 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/19 05:09:24 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-297246481-326183896-2051262528-1000Core.job
[2012/08/19 05:00:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 22:03:02 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Owner.job
[2012/08/16 22:02:46 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Owner.job
[2012/08/16 22:02:07 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2012/08/16 18:17:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012/08/16 17:52:41 | 000,001,738 | ---- | M] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/08/15 22:09:23 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/08/14 19:26:03 | 000,375,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/13 15:11:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/11 14:58:00 | 000,777,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/11 14:58:00 | 000,655,726 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/11 14:58:00 | 000,124,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/09 21:06:35 | 000,329,893 | ---- | M] () -- C:\Users\Owner\Documents\collegebook renter.xps
[2012/08/06 19:47:27 | 000,001,942 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VIPRE Internet Security.lnk
[2012/07/31 14:49:50 | 000,000,976 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 22:02:06 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2012/08/16 17:52:41 | 000,001,738 | ---- | C] () -- C:\Windows\SysWow64\EmailAVConfig.xml
[2012/08/15 22:09:23 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/08/15 22:01:44 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Owner.job
[2012/08/15 22:01:43 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Owner.job
[2012/08/09 21:06:32 | 000,329,893 | ---- | C] () -- C:\Users\Owner\Documents\collegebook renter.xps
[2012/08/06 19:47:27 | 000,001,942 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VIPRE Internet Security.lnk
[2012/07/31 14:49:50 | 000,000,976 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/03 20:43:50 | 000,711,240 | ---- | C] () -- C:\Windows\is-6554D.exe
[2011/08/10 16:03:03 | 000,001,500 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/01 19:00:59 | 000,792,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/25 23:49:57 | 000,000,346 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2010/05/26 12:35:31 | 000,119,513 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/26 12:35:21 | 000,119,513 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/26 12:13:46 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/05/26 11:54:36 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2010/03/15 17:32:24 | 000,019,850 | ---- | C] () -- C:\Users\Owner\AppData\Local\slot1.mm1
[2010/02/24 11:34:22 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2009/12/03 21:07:57 | 000,024,088 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/03/26 19:58:32 | 000,014,848 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/06/03 15:38:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ace
[2009/02/05 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer
[2009/03/13 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer GameZone Console
[2012/01/29 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ArcVP
[2009/10/27 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Big Fish Games
[2009/04/23 18:02:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/06 14:49:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EPSON
[2009/03/29 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\eSobi
[2010/09/06 09:30:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fighters
[2009/10/27 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FloodLightGames
[2009/11/14 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gaijin Ent
[2010/03/16 16:54:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gamelab
[2012/08/06 19:43:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GFI Software
[2010/03/16 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010/03/09 17:49:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gogii Games
[2010/03/15 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin
[2009/02/05 16:48:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2010/01/23 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\McGraw-HillLicensing
[2010/04/05 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ML
[2010/03/18 13:59:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Games
[2012/08/06 11:25:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OnlineArmor
[2009/08/30 10:42:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2010/06/04 07:50:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2009/12/03 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2010/03/17 20:48:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2010/01/23 09:45:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProtectDisc
[2012/08/17 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2011/06/01 16:28:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2010/03/09 17:27:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Super-Cow
[2010/10/25 23:49:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/03/23 17:09:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2010/04/30 09:03:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Trusteer
[2010/04/26 17:34:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
[2010/05/31 17:52:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2012/08/16 22:02:46 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Owner.job
[2012/08/17 22:03:02 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Owner.job
[2012/08/16 22:02:07 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2012/08/16 18:16:15 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3F9A3DFF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EBFD4E6F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:250A84D5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EB3AF287
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FF23EFF2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D29B16C5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3C6E4889
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:40464012
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07A0D262
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:38337420
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F3E112E0
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C4B264B5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B8F8512D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:172B8774
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:09A43FB1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5C462DAE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DA23AD9A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6DA18708
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4BFE8B22
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4A74A9A7
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4290D685
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9BAFBDA0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:30E8F700
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FE29FBBF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FE53E4F7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:86B23CB4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:17927369
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:773DA865
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:2B99FE60

< End of report >
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....s}&locale=en_US
    IE - HKCU\..\SearchScopes\{F8DAD3E4-A2EC-47E4-9805-9D9693B24F50}: "URL" = http://search.condui...&ctid=CT3072253
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    [2012/08/06 10:55:00 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/07/09 15:45:12 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}(40)
    [2011/06/16 18:04:41 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected]
    [2012/08/06 11:38:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\extensions\[email protected]
    [2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\searchplugins\conduit.xml
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    [2012/08/06 11:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2012/08/06 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vid-Saver
    [2012/08/06 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2
    [2010/03/15 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\Ask.com
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaandgknhidclennijgnchhaiefkmch
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Ksunshine

Ksunshine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
As of yet I haven't noticed a change but I really haven't got on my computer and tested things out, but THANK YOU SO MUCH for working with me! Here is the log from Combofix:

ComboFix 12-08-18.03 - Owner 08/19/2012 19:31:52.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2192 [GMT -5:00]
Running from: c:\users\Owner\Favorites\Downloads\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Trend Micro AntiVirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Trend Micro AntiVirus *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Vid-Saver
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 00:54 . 2012-08-20 00:56 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-08-20 00:54 . 2012-08-20 00:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-20 00:54 . 2012-08-20 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 00:54 . 2012-08-20 00:54 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-08-20 00:06 . 2012-08-20 00:06 -------- d-----w- C:\_OTL
2012-08-19 10:13 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E90F7C9-FDCA-4486-BADA-50CA74CC6928}\mpengine.dll
2012-08-18 02:35 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 00:18 . 2012-06-28 03:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-15 00:18 . 2012-06-28 03:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-15 00:18 . 2012-06-28 00:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-15 00:15 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:08 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 00:08 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-15 00:07 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-08-07 00:45 . 2012-08-07 00:45 -------- d-----w- c:\programdata\GFI Software
2012-08-07 00:45 . 2012-04-14 02:30 61184 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-07 00:44 . 2011-09-29 18:16 119416 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-08-07 00:44 . 2012-04-14 02:30 258304 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-08-07 00:43 . 2012-08-07 00:43 -------- d-----w- c:\programdata\Downloaded Installations
2012-08-07 00:43 . 2012-08-07 00:43 -------- d-----w- c:\program files (x86)\GFI Software
2012-08-07 00:43 . 2012-08-07 00:43 -------- d-----w- c:\users\Owner\AppData\Roaming\GFI Software
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 18:02 . 2012-04-10 19:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 18:02 . 2011-05-26 20:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 00:09 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-07-30 01:52 . 2011-04-29 00:46 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-07 02:02 . 2012-07-07 02:02 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-07 02:02 . 2011-04-03 01:15 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 18:46 . 2010-09-04 14:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 20:37 . 2012-06-22 20:37 46472 ----a-w- c:\windows\SysWow64\sbbd.exe
2012-06-08 17:59 . 2012-07-10 22:10 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-10 22:10 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-10 22:10 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-10 22:10 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-10 22:10 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-10 22:10 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-25 19:07 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 19:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 19:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 19:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 19:07 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-25 19:07 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 19:07 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-25 19:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 19:07 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-25 19:07 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 20:19 . 2012-06-25 19:07 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 20:19 . 2012-06-25 19:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-25 19:07 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 20:12 . 2012-06-25 19:07 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-10 22:10 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-10 22:10 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-10 22:10 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-10 22:10 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-10 22:10 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-05-25 18:14 . 2010-07-04 06:12 57976 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2012-05-25 18:14 . 2010-07-04 06:12 45936 ----a-w- c:\windows\system32\sbbd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-08-06 13003448]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-07-20 80384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-26 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-06-22 3050888]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files (x86)\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files (x86)\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2012-02-23 16:38 59240 ----a-w- c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-26 04:36 28672 ----a-w- c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-07 00:05 421736 ----a-w- c:\program files (x86)\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 16:12 288080 ----a-w- c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-09-28 15:05 240976 ----a-w- c:\program files (x86)\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2008-05-21 00:50 204908 ----a-w- c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files (x86)\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 16:07 252296 ----a-w- c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-25 140672]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-01-23 335288]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:02]
.
2012-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 21:43]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-27 18:05]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-27 18:05]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297246481-326183896-2051262528-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:31]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297246481-326183896-2051262528-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 14:31]
.
2012-08-20 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.10\agent\rnupgagent.exe [2012-08-15 18:07]
.
2012-08-18 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.10\agent\rnupgagent.exe [2012-08-15 18:07]
.
2012-08-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
- c:\users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.10\agent\rnupgagent.exe [2012-08-15 18:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\windows\RAVCpl64.exe" [2008-08-19 6456352]
"Skytel"="c:\windows\Skytel.exe" [2008-08-19 1833504]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1023416]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtBtCzyyByE0Fzy0FtDtCtA0B0EyE0EtN0D0TzutBtDtCtCtDzztCtC&cr=259155398
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tzx8t27d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\atashost.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-08-19 20:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-20 01:05
.
Pre-Run: 103,427,649,536 bytes free
Post-Run: 103,123,193,856 bytes free
.
- - End Of File - - AEE2EE5DE7D26B8FFBD9E3CB85BF5054
  • 0

#6
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

How is your PC running now? :)
  • 0

#7
Ksunshine

Ksunshine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I ran malwarebytes and nothing was found in the scan. My computer seems to be running faster than it was. Thank you for your help!
  • 0

#8
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Google Chrome and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#9
Ksunshine

Ksunshine

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you so much for all your help!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP