:OTL
IE - HKU\S-1-5-21-2207004095-3857170591-459827392-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP40D8C39A-BC3E-48D0-9156-28653467081A&SSPV=
IE - HKU\S-1-5-21-2207004095-3857170591-459827392-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56847
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
CHR - Extension: cacaoweb = C:\Users\SOPHIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf\1.18_0\
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files (x86)\iTuelper.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2207004095-3857170591-459827392-1000\..\Run: [APISupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\SOPHIE\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport File not found
O4 - HKU\S-1-5-21-2207004095-3857170591-459827392-1000\..\Run: [Google+ Auto Backup] "C:\Users\SOPHIE\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart File not found
O4 - HKU\S-1-5-21-2207004095-3857170591-459827392-1000\..\Run: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\SOPHIE\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O33 - MountPoints2\{7bfd59ac-4cce-11e1-b317-b870f4f68826}\Shell - "" = AutoRun
O33 - MountPoints2\{7bfd59ac-4cce-11e1-b317-b870f4f68826}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{7bfd59b6-4cce-11e1-b317-b870f4f68826}\Shell - "" = AutoRun
O33 - MountPoints2\{7bfd59b6-4cce-11e1-b317-b870f4f68826}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a01c46d8-7207-11e3-82da-bfeff8002381}\Shell - "" = AutoRun
O33 - MountPoints2\{a01c46d8-7207-11e3-82da-bfeff8002381}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
MsConfig:64bit - StartUpReg: [b]SweetIM[/b] - hkey= - key= - File not found
[2012/03/09 10:28:02 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Program Files\CCleaner316.exe
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2012/03/02 09:41:20 | 000,000,000 | ---D | M] -- C:\93e378cb2d795bdefe22d690
[2011/08/11 12:27:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Symantec
[2012/03/05 13:39:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2011/08/11 12:28:23 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2013/12/06 04:30:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUM3D0.tmp
[2013/07/12 19:33:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUM7C7A.tmp
[2013/05/15 11:22:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUMCE3B.tmp
[2012/03/02 10:34:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OfficialVideoConverter
[2011/08/11 12:27:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2012/03/02 10:32:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}
[6 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

:reg
[-HKEY_CURRENT_USER\Software\Beamrise]
[-HKEY_CURRENT_USER\Software\Symantec]
[-HKEY_LOCAL_MACHINE\Software\Symantec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CC87437-DC69-4E81-9C1A-745B1FC0556C}"=-
"{52309ABD-6DFF-416B-9667-7CC02F646754}"=-
"TCP Query User{4D29ED47-FEA7-4CD1-963D-4B2A170148A3}C:\users\sophie\appdata\roaming\cacaoweb\cacaoweb.exe"=-
"TCP Query User{FA3C00C7-D0A7-4819-A36D-444DD99D7124}C:\users\sophie\appdata\roaming\cacaoweb\cacaoweb.exe"=-
"UDP Query User{4563AE2E-09F4-4596-AD9C-80C81120DC5A}C:\users\sophie\appdata\roaming\cacaoweb\cacaoweb.exe"=-
"UDP Query User{CE0ED87A-85B5-4BBF-943F-7BC45A2F524C}C:\users\sophie\appdata\roaming\cacaoweb\cacaoweb.exe"=-

:Files
C:\windows\Temp\*

:commands
[emptytemp]