
Search Conduit Virus


  • This topic is locked
22 replies to this topic

#1 Centuck

Centuck

  • Members
  • 52 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 16 April 2013 - 02:51 PM

Hi there,

 

I recently noticed that my homepages were changed to http://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN34434332395774257&UM=2 and I could not change them back to normal.  If I changed my homepage in my Internet Settings, IE would open up at the search conduit page.  I found in my programs that there was a search conduit program, I removed it and now I was able to change my IE homepage as well as my Google Chrome homepage and it worked fine.  Though everything seems fine, I am afraid there are still remnants of this program/virus around. Malwarebytes found nothing.  Also as I was typing this message, Windows Security Essentials found "HackTool:Win32/Keygen" on my system.  It said it successfully removed it.

 

Please advise me on what to do.  When my Malwarebytes is finished, I will post the results on here as well.  Thanks for the future help,


Centuck

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.17.2
Run by Nelda at 13:54:30 on 2013-04-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8182.5255 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcccoms.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\Nelda\AppData\Local\Akamai\netsession_win.exe
D:\Steam\Steam.exe
C:\Users\Nelda\AppData\Local\Akamai\netsession_win.exe
D:\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
D:\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\AllShare\AllShareAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
D:\AllShare\AllShareDMS\AllShareDMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
L:\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Games\solitaire\solitaire.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = Preserve
uProxyOverride = 127.0.0.1:9421;<local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\26.0.1410.64\npchrome_frame.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Nelda\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Nelda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "D:\Steam\Steam.exe" -silent
uRun: [uTorrent] "D:\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AllShareAgent] D:\AllShare\AllShareAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 142.165.21.5 142.165.200.5
TCP: Interfaces\{7C0A0A50-B0CB-437A-9F4B-FB0F39FAF541} : DHCPNameServer = 142.165.21.5 142.165.200.5
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\26.0.1410.64\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCCtime.dll,RunDLLEntry
x64-Run: [lxccmon.exe] "C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 SamsungAllShareV2.0;Samsung AllShare PC;D:\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-1-7 12032]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-4-6 301232]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2011-1-7 20352]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-11-16 42192]
S3 SimpleSlideShowServer;SimpleSlideShowServer;D:\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-16 19:46:48 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{94C996E1-7767-4644-A69C-415166A7F00B}\offreg.dll
2013-04-16 19:07:33 -------- d-----w- C:\components
2013-04-16 14:02:19 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{94C996E1-7767-4644-A69C-415166A7F00B}\mpengine.dll
2013-04-16 13:51:17 -------- d-----w- C:\Users\Nelda\AppData\Local\{7D0C6D57-BC2B-4BBF-A1F7-AF3AC52C9B9E}
2013-04-15 17:36:01 -------- d-----w- C:\Users\Nelda\AppData\Local\{58D3F2F3-6250-4E40-8431-17D4DAA43D84}
2013-04-15 07:38:51 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-14 07:28:24 -------- d-----w- C:\Users\Nelda\AppData\Local\{44865B27-290B-4E1F-960A-555BD9DDB32F}
2013-04-12 21:16:32 -------- d-----w- C:\Users\Nelda\AppData\Local\{F990EEB6-7E63-475E-8D4D-9F68086DFFEB}
2013-04-11 09:19:36 -------- d-----w- C:\Users\Nelda\AppData\Local\{6D0C9CC9-293C-4806-9486-3823CD87E305}
2013-04-10 14:42:19 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-09 16:51:23 -------- d-----w- C:\Users\Nelda\AppData\Local\{EB4A4D96-BFAA-4904-856E-26F20AAD62A6}
2013-04-08 16:37:02 -------- d-----w- C:\Users\Nelda\AppData\Local\{6D5606E5-A442-4BAB-AE18-FF3C2C83AFBF}
2013-04-07 00:38:24 -------- d-----w- C:\Users\Nelda\AppData\Local\{BDDCA3E9-AD33-4AED-9EAA-5920A2E854CA}
2013-04-04 21:35:23 -------- d-----w- C:\Users\Nelda\AppData\Local\{29C9F5D7-3FE5-4D14-AA8D-A2A6B9B86CE4}
2013-04-04 05:46:26 -------- d-----w- C:\Users\Nelda\AppData\Local\SCE
2013-04-03 23:18:46 -------- d-----w- C:\Users\Nelda\AppData\Local\{8B562EB7-CBBD-41B3-9164-37E2D9A0779A}
2013-04-02 17:06:03 -------- d-----w- C:\Users\Nelda\AppData\Local\{8AC1D683-43E1-474D-BAAA-606C1800E11B}
2013-03-31 22:12:21 -------- d-----w- C:\Users\Nelda\AppData\Local\{8AFD7A69-2D07-4401-92A2-8B9C55B248FD}
2013-03-29 17:26:59 -------- d-----w- C:\Users\Nelda\AppData\Local\{52EF7145-5C3B-431D-B76E-4FA20F02C29A}
2013-03-29 04:15:33 -------- d-----w- C:\Users\Nelda\AppData\Local\{E2243C53-A004-4D4F-A3D4-829D96CCEF76}
2013-03-28 16:15:09 -------- d-----w- C:\Users\Nelda\AppData\Local\{AB6269FB-48C6-408F-9378-3E6AD5750340}
2013-03-27 06:08:05 -------- d-----w- C:\Users\Nelda\AppData\Local\{E1BE52ED-F52F-4DB1-A475-0B48A4F5487F}
2013-03-26 00:26:30 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-25 22:25:20 -------- d-----w- C:\Users\Nelda\AppData\Local\{2350A816-9DBC-41F2-83DE-66F84AB42703}
2013-03-23 02:08:57 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-22 15:51:12 -------- d-----w- C:\Users\Nelda\AppData\Local\{18CF39E7-B59D-4BB5-AC41-27F613FAD9ED}
2013-03-21 16:21:43 -------- d-----w- C:\Users\Nelda\AppData\Local\{771FFF90-74D8-4315-9D71-B8D6CDE472AE}
2013-03-21 01:25:12 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{17356187-0C0B-4D7B-BA4B-B33DF4D3FB17}\gapaengine.dll
2013-03-20 15:55:53 -------- d-----w- C:\Users\Nelda\AppData\Local\{3E09843D-202E-40FD-9C6D-748EAA2CC6B4}
2013-03-19 15:51:28 -------- d-----w- C:\Users\Nelda\AppData\Local\{3F673567-D9E2-45A9-B921-B3F9A36DEBB0}
2013-03-18 15:57:35 -------- d-----w- C:\Users\Nelda\AppData\Local\{652E213B-1EB1-4835-B082-D4B8553F6066}
.
==================== Find3M  ====================
.
2013-04-15 17:56:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 17:56:00 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-11 14:22:56 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-23 02:08:54 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-23 02:08:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 13:54:43.35 ===============
 

Attached Files


Edited by Centuck, 16 April 2013 - 03:06 PM.
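As an added example, not part of the original post and not DDS's own logic: a small Python triage script that parses the "Pseudo HJT Report" section of a DDS log like the one above and flags the entry types a responder usually reviews first (proxy overrides, Trusted Zone additions, orphaned shell and handler entries, autoruns or BHOs loaded from user-writable paths, DPF downloads). The sample lines are copied from the log in this post; the flagging rules and the USER_WRITABLE path heuristic are mine and are review prompts, not verdicts.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" in the post above.
# DDS writes URLs as "hxxp" so that they are not clickable.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.ca/
uSearch Bar = Preserve
uProxyOverride = 127.0.0.1:9421;<local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Akamai NetSession Interface] "C:\Users\Nelda\AppData\Local\Akamai\netsession_win.exe"
uRun: [Steam] "D:\Steam\Steam.exe" -silent
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Trusted Zone: clonewarsadventures.com
Trusted Zone: soe.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 142.165.21.5 142.165.200.5
SSODL: WebCheck - <orphaned>
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
"""

Entry = namedtuple("Entry", "kind body raw")

# "Kind: rest" lines (BHO:, uRun:, Trusted Zone:, TCP:, x64-Handler:, ...)
COLON_ENTRY = re.compile(r"^([A-Za-z0-9 -]+?):\s*(.*)$")
# "Key = value" lines (uStart Page =, uProxyOverride =, ...)
EQUALS_ENTRY = re.compile(r"^([A-Za-z0-9 -]+?)\s*=\s*(.*)$")
# Locations a normal installer rarely uses for an autorun (heuristic of mine, not DDS's)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Downloads)\\", re.IGNORECASE)


def parse_report(text):
    """Turn the pseudo-HJT lines into Entry records; skips blanks and the '.' separators."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = COLON_ENTRY.match(line) or EQUALS_ENTRY.match(line)
        if m:
            entries.append(Entry(m.group(1).strip(), m.group(2).strip(), line))
    return entries


def triage(entries):
    """Return (category, raw_line, reason) for entries a responder should look at first.
    These are review prompts, not verdicts: every flagged line here may be legitimate."""
    findings = []
    for e in entries:
        if e.kind.endswith(("ProxyOverride", "ProxyServer")):
            findings.append(("proxy", e.raw, "browser proxy configuration is set; confirm it is expected"))
        elif e.kind == "Trusted Zone":
            findings.append(("trusted-zone", e.raw, "site in the IE Trusted Zone gets relaxed security settings"))
        elif "<orphaned>" in e.body:
            findings.append(("orphaned", e.raw, "registry entry points at a file that no longer exists"))
        elif e.kind in ("uRun", "mRun", "x64-Run", "BHO", "x64-BHO") and USER_WRITABLE.search(e.body):
            findings.append(("autorun-user-path", e.raw, "startup/BHO entry loads from a user-writable location"))
        elif e.kind == "DPF":
            findings.append(("dpf", e.raw, "Downloaded Program File (ActiveX) entry; check the source URL"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'proxy': 1, 'trusted-zone': 2}."""
    return dict(Counter(category for category, _, _ in findings))


if __name__ == "__main__":
    for category, raw, reason in triage(parse_report(SAMPLE_REPORT)):
        print(f"[{category}] {raw}\n    -> {reason}")
```

Run against the full log, the same parser handles every section line of the pseudo-HJT report; anything it does not recognise is simply dropped rather than guessed at, so unknown line shapes never produce a finding.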



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,626 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:22 AM

Posted 16 April 2013 - 05:11 PM


Hello Centuck

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 satchfan

satchfan

  • Malware Response Team
  • 333 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:22 AM

Posted 16 April 2013 - 05:20 PM

Hello Centuck and welcome to Bleeping Computer.

 

My name is Satchfan and I would be glad to help you with your computer problem.

 

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

 

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

 

===================================================

 

Run RogueKiller

 

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.

 

Download RogueKiller to your desktop.

 

For 64-bit systems download it from here

 

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.


Please post the contents of the RKreport.txt in your next reply.

 

Satchfan



 


#4 Centuck

Centuck
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 16 April 2013 - 05:43 PM

Sorry, but whose instructions do I follow?  Gringo says to delete the results of RogueKiller and Satchfan says not to.  Do I follow Gringo or Satchfan?  When this is answered I will complete these tasks.


Thanks,
Centuck



#5 satchfan

satchfan

  • Malware Response Team
  • 333 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:22 AM

Posted 16 April 2013 - 05:54 PM

Both instructions are correct but I’d like to see the results of RogueKiller before we decide on a preferred course of action.

 

Please run RogueKiller as I instructed and post the results.

 

Thanks

 

Satchfan


Edited by satchfan, 16 April 2013 - 05:54 PM.


 


#6 Centuck

Centuck
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 16 April 2013 - 06:12 PM

Attached are the results as requested.

Attached Files


Edited by Centuck, 16 April 2013 - 06:13 PM.


#7 satchfan

satchfan

  • Malware Response Team
  • 333 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:22 AM

Posted 17 April 2013 - 02:41 AM

That’s good; nothing showing up there.

 

Download and run AdwCleaner

 

Download AdwCleaner from here and save it to your desktop.

 

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

 

Download and run OTL

 

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

===================================================

 

Run aswMBR

 

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Logs to include with next post:

 

AdwCleaner log
OTL.txt
Extras.txt
aswMBR log

 

Thanks

 

Satchfan


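Added example, not part of the post above and not OTL's own code: the /md5start ... /md5stop block in the OTL custom scan makes the tool hash the listed core Windows binaries so they can be compared against known-good values. The Python below does the equivalent check against a baseline of digests you keep from a clean machine, reporting each file as ok, changed, missing or unknown. demo() builds a constructed temporary directory with fake binaries (one tampered, one absent) so it runs offline; it uses SHA-256 where OTL reports MD5, and the file names are the five from the scan list.

```python
import hashlib
import os
import tempfile

# The same binaries the OTL custom scan above lists between /md5start and /md5stop.
CRITICAL_BINARIES = ["explorer.exe", "winlogon.exe", "Userinit.exe",
                     "svchost.exe", "services.exe"]


def hash_file(path, algo="sha256"):
    """Hex digest of one file, read in chunks so large binaries are cheap."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_binaries(root, names, algo="sha256"):
    """Map each name to its digest under root, or None when the file is absent."""
    digests = {}
    for name in names:
        path = os.path.join(root, name)
        digests[name] = hash_file(path, algo) if os.path.isfile(path) else None
    return digests


def compare_to_baseline(current, baseline):
    """Classify each binary: ok, changed, missing (not on disk), unknown (no baseline)."""
    verdicts = {}
    for name, digest in current.items():
        if digest is None:
            verdicts[name] = "missing"
        elif name not in baseline:
            verdicts[name] = "unknown"
        elif digest != baseline[name]:
            verdicts[name] = "changed"
        else:
            verdicts[name] = "ok"
    return verdicts


def demo():
    """Constructed scenario (no real Windows files): a fake system directory in which
    svchost.exe was modified after the baseline was taken and services.exe is gone."""
    clean = {
        "explorer.exe": b"EXPLORER-clean",
        "winlogon.exe": b"WINLOGON-clean",
        "Userinit.exe": b"USERINIT-clean",
        "svchost.exe": b"SVCHOST-clean",
        "services.exe": b"SERVICES-clean",
    }
    # Baseline = digests recorded from the clean contents.
    baseline = {name: hashlib.sha256(data).hexdigest() for name, data in clean.items()}
    with tempfile.TemporaryDirectory() as root:
        for name, data in clean.items():
            if name == "services.exe":
                continue                      # simulate a missing file
            if name == "svchost.exe":
                data = b"SVCHOST-tampered"    # simulate a modified binary
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return compare_to_baseline(hash_binaries(root, CRITICAL_BINARIES), baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

A "changed" verdict on its own only means the file differs from the baseline; a Windows Update that replaced the binary produces the same result, so the baseline has to be refreshed from a known-clean, fully patched system before the comparison means anything.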

 


#8 Centuck

Centuck
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 18 April 2013 - 05:12 PM

OTL logfile created on: 4/18/2013 3:23:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nelda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.99 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.48% Memory free
15.98 Gb Paging File | 13.78 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 0.54 Gb Free Space | 0.90% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 414.86 Gb Free Space | 44.54% Space Free | Partition Type: NTFS
 
Computer Name: NELDA-PC | User Name: Nelda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/18 15:22:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nelda\Downloads\OTL.exe
PRC - [2013/04/15 11:53:50 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- D:\uTorrent\uTorrent.exe
PRC - [2013/03/29 13:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2013/03/29 13:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Nelda\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/24 01:57:08 | 000,336,992 | ---- | M] (Power Software Ltd) -- D:\PowerISO\PWRISOVM.EXE
PRC - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012/03/01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\AllShare\AllShareAgent.exe
PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/05 18:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010/04/27 16:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2010/03/26 10:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/01/20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/10/09 17:32:20 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lycosa\razertra.exe
PRC - [2009/10/08 16:41:14 | 000,232,960 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/12/19 13:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
PRC - [2007/05/11 08:58:58 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
PRC - [2007/05/11 08:57:22 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/09 02:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 02:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 02:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 02:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 02:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/29 13:53:56 | 001,114,024 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2013/03/26 18:16:40 | 020,341,672 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2013/03/25 16:23:34 | 000,651,776 | ---- | M] () -- D:\Steam\SDL2.dll
MOD - [2013/02/13 18:43:33 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll
MOD - [2013/02/13 18:43:32 | 012,082,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\d4593afc94701312b24fa76ec4d9b871\System.Web.ni.dll
MOD - [2013/02/13 18:36:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/13 01:38:35 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0783e0b01fd91c2c42abe0cb3e5d0c19\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:08:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f62409df88e3dde635df0808c7177097\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:08:39 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:32 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:18 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\293b5e60e01e652ae1bf4096bc6e9f9e\System.Drawing.ni.dll
MOD - [2013/01/11 10:08:10 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll
MOD - [2013/01/11 10:08:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll
MOD - [2013/01/11 10:08:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll
MOD - [2013/01/11 10:07:59 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013/01/11 10:07:55 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2013/01/09 19:09:21 | 000,689,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\61fe2f344612f7b3b87f630e89b261e6\System.Data.SqlServerCe.ni.dll
MOD - [2013/01/09 19:07:22 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 19:07:21 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 19:07:21 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/09 19:07:01 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 19:06:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 19:06:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 19:06:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 19:06:42 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/11 11:51:10 | 001,100,800 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 11:51:10 | 000,192,000 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012/12/11 11:51:10 | 000,124,416 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/05 18:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2010/04/27 16:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2009/10/09 17:32:20 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lycosa\razertra.exe
MOD - [2009/08/20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2005/12/13 15:51:56 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3300 Series\lxccdrec.dll
MOD - [2005/06/14 17:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3300 Series\iptk.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/04/05 20:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007/03/26 07:49:58 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2013/04/15 11:56:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/29 13:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/21 10:21:56 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- D:\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- D:\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/03/26 07:49:26 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcccoms.exe -- (lxcc_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/24 01:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 19:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 06:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/06 01:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/03/24 01:47:26 | 000,034,472 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2010/03/23 18:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009/12/21 23:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/11/16 08:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 08:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/09/30 14:45:52 | 000,020,352 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nelda\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nelda\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nelda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
[2013/04/16 07:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nelda\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/15 17:38:52 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Nelda\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/04/16 07:53:06 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Users\Nelda\AppData\Roaming\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nelda\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Nelda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Nelda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Nelda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O3 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCCCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCCtime.DLL ()
O4:64bit: - HKLM..\Run: [lxccmon.exe] C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AllShareAgent] D:\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000..\Run: [Akamai NetSession Interface] C:\Users\Nelda\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000..\Run: [Steam] D:\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000..\Run: [uTorrent] D:\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.21.5 142.165.200.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C0A0A50-B0CB-437A-9F4B-FB0F39FAF541}: DhcpNameServer = 142.165.21.5 142.165.200.5
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\26.0.1410.64\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ba693052-2b3f-11e0-b28a-00271383c11e}\Shell - "" = AutoRun
O33 - MountPoints2\{ba693052-2b3f-11e0-b28a-00271383c11e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/18 10:52:43 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{CCDB9FDA-82CB-4EAF-BF1E-09148631BCB4}
[2013/04/18 01:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/17 11:36:28 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{683E5E1C-C3E8-4FF4-9AF7-8C47816C23E2}
[2013/04/16 13:07:33 | 000,000,000 | ---D | C] -- C:\components
[2013/04/16 07:51:17 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{7D0C6D57-BC2B-4BBF-A1F7-AF3AC52C9B9E}
[2013/04/15 11:36:01 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{58D3F2F3-6250-4E40-8431-17D4DAA43D84}
[2013/04/14 01:28:24 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{44865B27-290B-4E1F-960A-555BD9DDB32F}
[2013/04/12 15:16:32 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{F990EEB6-7E63-475E-8D4D-9F68086DFFEB}
[2013/04/11 03:19:36 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{6D0C9CC9-293C-4806-9486-3823CD87E305}
[2013/04/11 03:00:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 03:00:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 03:00:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 03:00:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 03:00:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 03:00:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 03:00:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 03:00:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 03:00:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 03:00:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 03:00:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 03:00:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 03:00:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 03:00:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 03:00:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 08:42:19 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 08:42:19 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 08:42:19 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 08:42:18 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 08:42:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 08:42:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 08:42:06 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 08:42:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 08:42:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 08:42:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 08:42:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 08:42:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/09 10:51:23 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{EB4A4D96-BFAA-4904-856E-26F20AAD62A6}
[2013/04/08 10:37:02 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{6D5606E5-A442-4BAB-AE18-FF3C2C83AFBF}
[2013/04/06 18:38:24 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{BDDCA3E9-AD33-4AED-9EAA-5920A2E854CA}
[2013/04/04 15:35:23 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{29C9F5D7-3FE5-4D14-AA8D-A2A6B9B86CE4}
[2013/04/03 23:46:26 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\SCE
[2013/04/03 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{8B562EB7-CBBD-41B3-9164-37E2D9A0779A}
[2013/04/02 11:06:03 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{8AC1D683-43E1-474D-BAAA-606C1800E11B}
[2013/03/31 16:12:21 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{8AFD7A69-2D07-4401-92A2-8B9C55B248FD}
[2013/03/29 11:26:59 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{52EF7145-5C3B-431D-B76E-4FA20F02C29A}
[2013/03/28 22:15:33 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{E2243C53-A004-4D4F-A3D4-829D96CCEF76}
[2013/03/28 10:15:09 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{AB6269FB-48C6-408F-9378-3E6AD5750340}
[2013/03/27 00:08:05 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{E1BE52ED-F52F-4DB1-A475-0B48A4F5487F}
[2013/03/25 18:26:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/25 16:25:20 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{2350A816-9DBC-41F2-83DE-66F84AB42703}
[2013/03/22 20:08:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/22 20:08:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/22 20:08:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/22 09:51:12 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{18CF39E7-B59D-4BB5-AC41-27F613FAD9ED}
[2013/03/21 10:21:43 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{771FFF90-74D8-4315-9D71-B8D6CDE472AE}
[2013/03/20 09:55:53 | 000,000,000 | ---D | C] -- C:\Users\Nelda\AppData\Local\{3E09843D-202E-40FD-9C6D-748EAA2CC6B4}
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/18 15:21:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/18 15:20:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/18 15:20:43 | 2139,439,103 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/18 14:55:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/18 14:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/18 14:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3190942660-1574409567-1745578382-1000UA.job
[2013/04/18 10:59:32 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 10:59:32 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 10:56:50 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/18 10:56:50 | 000,667,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/18 10:56:50 | 000,126,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/18 01:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3190942660-1574409567-1745578382-1000Core.job
[2013/04/16 07:51:37 | 000,000,530 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/04/15 11:56:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/15 11:56:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/11 20:03:09 | 000,001,137 | ---- | M] () -- C:\Users\Nelda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/04/11 08:22:56 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/04/11 08:22:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/04/11 03:19:16 | 000,448,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 07:43:20 | 000,002,330 | ---- | M] () -- C:\Users\Nelda\Desktop\Google Chrome.lnk
[2013/04/04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/22 20:08:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/03/22 20:08:53 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/15 17:51:58 | 000,016,659 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2012/12/03 20:20:35 | 000,000,600 | ---- | C] () -- C:\Users\Nelda\AppData\Local\PUTTY.RND
[2012/04/05 19:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 19:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/14 18:20:51 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccusb1.dll
[2011/12/14 18:20:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccpmui.dll
[2011/12/14 18:20:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccinpa.dll
[2011/12/14 18:20:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcciesc.dll
[2011/12/14 18:20:51 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcccomx.dll
[2011/12/14 18:20:51 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxccinst.dll
[2011/12/14 18:20:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccserv.dll
[2011/12/14 18:20:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcchbn3.dll
[2011/12/14 18:20:50 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccomc.dll
[2011/12/14 18:20:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcclmpm.dll
[2011/12/14 18:20:50 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccoms.exe
[2011/12/14 18:20:50 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccomm.dll
[2011/12/14 18:20:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccih.exe
[2011/12/14 18:20:50 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccppls.exe
[2011/12/14 18:20:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccprox.dll
[2011/12/14 18:20:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccpplc.dll
[2011/12/14 18:20:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccfg.exe
[2011/11/26 19:32:15 | 000,044,834 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/18 18:21:00 | 000,000,017 | ---- | C] () -- C:\Users\Nelda\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST31000528AS ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: KINGSTON SNV425S264GB ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 - 
Interface type: USB
Media Type: 
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE3 - 
Interface type: USB
Media Type: 
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE4 - 
Interface type: USB
Media Type: 
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE5 - 
Interface type: USB
Media Type: 
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 60.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
< End of report >
 
OTL Extras logfile created on: 4/18/2013 3:23:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nelda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.99 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.48% Memory free
15.98 Gb Paging File | 13.78 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.53 Gb Total Space | 0.54 Gb Free Space | 0.90% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 414.86 Gb Free Space | 44.54% Space Free | Partition Type: NTFS
 
Computer Name: NELDA-PC | User Name: Nelda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{757129A2-329F-442C-9510-31D9709872D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9132EED7-8526-4B9F-8413-A2DA692BE6D5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0933C3D5-BB0E-496A-9EC5-684CD64B026C}" = protocol=6 | dir=in | app=c:\windows\system32\lxcccoms.exe | 
"{0976380C-D0E5-439E-8235-366B220156D5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{15758E23-ADF6-48A6-BC61-42484D44DFC3}" = protocol=6 | dir=in | app=d:\utorrent\utorrent.exe | 
"{1B802227-7036-4527-AC90-A071EAAE8ADF}" = protocol=17 | dir=in | app=d:\utorrent\utorrent.exe | 
"{1DD7E8B8-B412-49E8-80A3-D5AAD31AE9D1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxccpswx.exe | 
"{1DFF1EC6-0C91-46E2-9B6F-24B1A1AF56DA}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{211604EE-2E47-4295-A205-205CD8F5FFDE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{219D0E67-5A64-4E53-9360-086E66079FD3}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{25E00EC2-A6B1-4553-80F6-2A40231769D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{27FE90E0-73FE-486C-A49E-A351CE9E89EC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{32C629E5-448B-4C7E-A939-252E77A1998E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{367FFDAF-8A00-46A7-A721-E2441E48D376}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{36B938A9-36D6-4123-8B55-ED1E9209AF18}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{370B950D-F74C-4A58-A8D9-6EC1D752A0F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{41906FAC-5CE0-4A85-B7EA-0C85894A36EE}" = dir=in | app=d:\allshare\allsharedms\allsharedms.exe | 
"{42132572-1E31-4A3C-8760-27F01098C7A7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{47078EA3-70B8-452B-91BB-3A8E1ECCF73A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{537C3807-D682-4824-8AA3-67D8ECE452EA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{54FBFB24-1279-4DC9-A13E-0708A71B7FF8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{573343BF-A2B6-4AFA-B424-B60A38A53C23}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{5B846055-C60D-41E4-8590-7346A0559F3A}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{63BB2998-7833-4FFE-8321-2D7931456B1A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcccoms.exe | 
"{64C871F9-BB42-47FF-B628-B9604B579D75}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{6CD8519F-99EA-46A5-B85D-494E532281C5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7054EEEE-C95A-45BC-8B4D-50959A31C374}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxccpswx.exe | 
"{7055B9B0-057D-4C4C-8A52-EC40C42684D7}" = protocol=17 | dir=in | app=c:\windows\system32\lxcccoms.exe | 
"{7C2916F1-397F-46BA-95F0-3E57A4E2CF13}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{7CB214D3-0E7D-42C9-8E1A-D6658451157C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7D4268F2-82B3-43F3-8B40-FCEAC94EE21C}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{88185E3E-FA23-466A-AE8D-550F6AB61E6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8AB4732F-FA56-4385-8ED4-D963B2374D44}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{8AF79367-6C33-4E18-ABD3-449B896F888A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{9169AE98-3F08-433E-B111-E657614C32ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcccoms.exe | 
"{95AE09B3-D357-4409-85F2-6F520A72D68A}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{95ED432F-5F40-4546-B4B0-834B1A0E7EE9}" = dir=in | app=d:\allshare\allshareagent.exe | 
"{965980B9-D669-4431-9092-4F2103DAC36C}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{985981FB-31BF-411D-91AC-6A08F599411A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{9D8B9186-6CE5-47D5-8CE7-690E9B0AED88}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A309EA08-78BD-4A00-B29A-5773C64853CE}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{A3A902DF-3A3A-421D-8A9C-3BE6ACC2C8C2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A418D584-CB3C-4B67-A6EF-DBD65D3012BF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A61B1E79-9347-4744-B2B4-EAD346DE18B1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{AA8DD9EE-119A-41AD-8AF2-E966088F30E5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{AB3C53CC-11D0-4073-B265-050856E43FC5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CACFD593-7D6C-475F-B98B-B5FF6A65FCA5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{CD068D3A-8838-4630-ACB6-1750052A6B74}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{D730D8DF-4593-4A52-8BA8-3CFDC78C10AC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{DCC45669-21A7-45A5-8371-68B5AC3D4E14}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E265791F-AD68-4029-8426-0CE91539FEA8}" = dir=in | app=d:\allshare\allshare.exe | 
"{E75203AA-941D-44BB-B8B9-677008EAEEB4}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{EAFDE693-B92B-4C77-A7C9-4DDE47DD66CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EDD14F3A-BAB6-4115-BBA0-5E96FDBD0656}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{EE6D3FD0-97A4-4D09-A7C4-E87DE0DF8E46}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{EE9F3FEB-FDBA-4C27-9D82-C6FCD3FA7D6B}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{F82BF68A-34A7-42EA-86C8-02F72652D3AA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{FB8EF71D-EFD2-4902-91E5-E128DBBA6646}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{2336D76C-472D-42EA-8897-40B7A30FBEB9}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{31224771-D4D4-4C00-99E0-440410961293}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe | 
"TCP Query User{41F76AFA-38E0-4A32-8CD7-986AB2FCAA3E}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{4EC7F1B9-3D47-4232-9F95-15963321C5D2}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{69FEAB70-0EBB-4205-A922-778298DC6506}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{843696ED-8C08-4D91-94F6-C60520695534}C:\users\nelda\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nelda\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{8BB6F91F-DD1F-4E80-A9F3-1024E769C61B}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{9083F869-84EB-4142-B7C5-10E98849DEDF}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{93C343A4-EE03-4952-9887-7D23F616AC33}D:\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{9600C3C8-9B70-4979-97D8-6FB338524E79}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{A87CD171-CE4C-442A-BBA5-3CAE02C52945}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{A9C7E06B-84ED-409E-AD31-1F9E7304A297}C:\users\nelda\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nelda\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{AAEBF85A-9103-4869-88D2-E2B62CB3558D}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{B000680D-CAC1-4CB7-881D-3A443385B575}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{B371044E-45BF-4D43-9DB3-232192AB897B}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{B403E4C2-9D0C-4AF7-B393-AF2F2029D109}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{B8DA8F34-13CC-4F49-920C-9AC595A6D51F}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{B9229FE1-581E-4D6C-B5E2-5FCDA1DAB860}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{C580D20B-30AD-43FE-B75A-0F53B8E517F7}C:\program files (x86)\plex\plex media center\plex.exe" = protocol=6 | dir=in | app=c:\program files (x86)\plex\plex media center\plex.exe | 
"TCP Query User{D0715A0B-891E-400E-AFE9-C839010524CC}D:\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"TCP Query User{DA82BE96-BAFE-4B9C-9FCB-C7025B14BB8F}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{EF5D845F-4D60-4997-8054-9A8F36C9ECF3}D:\steam\steamapps\centuck\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\centuck\team fortress 2\hl2.exe | 
"TCP Query User{F30A0323-A105-43EF-A000-45AC245A34F9}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{0482ACF2-7793-463B-8A7B-57EF64D5ADEC}C:\program files (x86)\plex\plex media center\plex.exe" = protocol=17 | dir=in | app=c:\program files (x86)\plex\plex media center\plex.exe | 
"UDP Query User{191C26E5-CCFA-4A65-942F-B93A1A832178}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{223AA0D0-C920-4DFE-A6D7-321793B40704}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{2D965909-78C5-4EF4-8CE7-69D4BA742B9B}D:\steam\steamapps\centuck\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\centuck\team fortress 2\hl2.exe | 
"UDP Query User{33ECF60E-AF80-4FE6-8D02-B1FF1DA4713D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{387E85FB-9173-40A5-91A8-97522318C61A}C:\users\nelda\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nelda\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{3A3E8BFC-35CE-4AB1-B0DC-D23424487298}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{4BF8C52C-92A0-49C7-B7DF-683A5C80CDE7}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{4CFF4AC2-F169-4AB1-8960-C5798558C8E4}D:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{4D563652-5DAB-4976-8DC6-7B58AE41BF4E}D:\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{5A354A23-45B4-42F0-A5BE-3B556FE4FACB}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{5E88BFDD-9AFE-4AFB-B293-FF03367BE45F}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{6BE35F36-3C3C-4436-9E5C-97441914C1B2}D:\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"UDP Query User{79DA97E7-0311-4101-9A51-A47EE4C3D8F8}D:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{89C3C464-2ECA-4404-8514-D8230BB1A50B}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{8F4730E2-A1DF-46EE-B710-4486EF90F681}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{8F778718-E885-4D89-ADAD-3E31FFD1B314}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{92AC93DA-7AF4-4017-B541-44AE3F9FF046}D:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{9D054D73-DF6B-4CCD-A16A-340B75AFECE1}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe | 
"UDP Query User{BAF5100C-AC60-4E92-8391-A9EED43F6C13}D:\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{EF25999F-4D4C-41FA-8834-30C208D8E215}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{F0A2F84D-9456-42F9-A950-15FBEE22EE01}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{F79A3851-CC82-472D-84B1-2E6047AD2B64}C:\users\nelda\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nelda\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"Lexmark 3300 Series" = Lexmark 3300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"PROSetDX" = Intel® Network Connections 15.3.68.0
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEDDF868-E272-47E9-A8EA-E5CC7B179077}" = Brother QL-570 User's Guide
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Google Chrome Frame" = Google Chrome Frame
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{DEDDF868-E272-47E9-A8EA-E5CC7B179077}" = Brother QL-570 User's Guide
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"PowerISO" = PowerISO
"StarCraft II" = StarCraft II
"Steam App 570" = Dota 2
"uTorrent" = µTorrent
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"Warcraft II BNE" = Warcraft II BNE
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3190942660-1574409567-1745578382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/17/2013 11:17:34 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error - 4/17/2013 11:17:35 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/17/2013 11:17:35 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997
 
Error - 4/17/2013 11:17:35 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error - 4/17/2013 11:17:36 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/17/2013 11:17:36 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2995
 
Error - 4/17/2013 11:17:36 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2995
 
Error - 4/17/2013 11:17:37 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/17/2013 11:17:37 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3994
 
Error - 4/17/2013 11:17:37 PM | Computer Name = Nelda-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3994
 
[ System Events ]
Error - 3/31/2013 7:38:28 PM | Computer Name = Nelda-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 4/3/2013 12:03:19 PM | Computer Name = Nelda-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 4/3/2013 12:03:19 PM | Computer Name = Nelda-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
Error - 4/4/2013 7:17:18 PM | Computer Name = Nelda-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 4/8/2013 6:42:12 AM | Computer Name = Nelda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 4/8/2013 6:42:12 AM | Computer Name = Nelda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 4/8/2013 6:42:13 AM | Computer Name = Nelda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 4/9/2013 3:06:57 AM | Computer Name = Nelda-PC | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
 a preshutdown control.
 
Error - 4/16/2013 3:26:05 PM | Computer Name = Nelda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
 
Error - 4/16/2013 3:30:36 PM | Computer Name = Nelda-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.
 
 
< End of report >




#9 satchfan

satchfan

  • Malware Response Team
  • 333 posts
  • Gender:Female
  • Location:Devon, UK

Posted 19 April 2013 - 02:37 AM

P2P - I see you have P2P software, (uTorrent), installed on your machine.

 

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

 

If your computer is infected, it almost certainly contributed to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

 

Please see this topic for more information:

 

Perils of P2P File Sharing

 

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

 

Should you decide to keep it, please don’t use it until we have finished up here.

 

===================================================

 

If you did not set this proxy, remove it (check with your Internet Provider if you are not sure):

 

IE - HKU\S-1-5-21-3190942660-1574409567-1745578382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local

 

In Internet Explorer go to Tools, Internet Options

 

Click on the “Connections” tab, then LAN Settings, remove the entry for 127.0.0.1:9421, then uncheck "Use a proxy server" and check "Automatically detect settings".

 

If you use Firefox click on Tools, Options “Advanced” tab, “Network” tab then Settings. Select the Auto-detect proxy settings for this network then click OK.

 

===================================================

 

Run RogueKiller

 

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

 

Close all running programs.

 

Download one of these to your desktop:


for a 32-bit system download this
for 64-bit use this one

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

 

Please post the contents of the RKreport.txt in your next reply.

 

Satchfan


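As an added example, not part of satchfan's post or any tool from this thread: a PowerShell script that reads the same per-user Internet Settings key the log entry above comes from, lists the proxy values WinINET (and so Internet Explorer) uses, flags any entry that points at the local machine, and, only when run with -Remove, undoes those entries the way the dialog steps describe. The key path, the value names (ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL) and the meaning of each are standard Windows settings; the script itself and its -Remove switch are my own and assumed.

```powershell
# Added example: audit the per-user WinINET proxy values. Run as the affected
# user. Nothing is changed unless -Remove is given.
param([switch]$Remove)

$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$props = Get-ItemProperty -Path $key

# ProxyServer is the proxy itself, ProxyOverride is the bypass list,
# AutoConfigURL points at a PAC script. ProxyEnable switches the proxy on/off.
$report = [ordered]@{
    ProxyEnable   = $props.ProxyEnable
    ProxyServer   = $props.ProxyServer
    ProxyOverride = $props.ProxyOverride
    AutoConfigURL = $props.AutoConfigURL
}
$report.GetEnumerator() | ForEach-Object { '{0,-14}= {1}' -f $_.Key, $_.Value }

# A loopback address in any of these values means browser traffic is handed to a
# program on this machine first. Unless you installed such a program yourself
# (some AV and parental-control products do), treat it the way the post does.
$loopback = '127\.0\.0\.1|localhost|\[?::1\]?'
$suspect  = @()
foreach ($name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    $value = $props.$name
    if ($value -and $value -match $loopback) { $suspect += $name }
}

if (-not $suspect) { 'No loopback proxy entries found.'; return }
"Loopback entries found in: $($suspect -join ', ')"

if ($Remove) {
    # Same effect as unticking "Use a proxy server" in the LAN Settings dialog.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in $suspect) {
        if ($name -eq 'ProxyOverride') {
            # Keep legitimate bypass entries such as <local>; drop only loopback ones.
            $kept = ($props.ProxyOverride -split ';') |
                    Where-Object { $_ -and $_ -notmatch $loopback }
            Set-ItemProperty -Path $key -Name ProxyOverride -Value ($kept -join ';')
        } else {
            Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        }
    }
    'Loopback entries removed. Now tick "Automatically detect settings" in Internet Options > Connections > LAN Settings.'
}
```

The "Automatically detect settings" checkbox is not one of these string values; it is stored in the binary Connections\DefaultConnectionSettings value under the same key, which is why the last step is still done through the dialog as the post describes. Running the script without -Remove is safe and is enough to see whether the entry from the log is still present.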

 


#10 Centuck

Centuck
  • Topic Starter

  • Members
  • 52 posts

Posted 22 April 2013 - 02:38 AM

I apologize for the delay; I have hardly been home, but here are the results. Also note that earlier tonight I had a strange issue where I was just browsing in Google Chrome and suddenly Chrome kept opening various instances of itself like crazy, and then some errors popped up, so I quickly powered down my machine. But anyway, here are the results.

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nelda [Admin rights]
Mode : Scan -- Date : 04/22/2013 01:35:27
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] ec8be7ef0fd0826a2387e84425566974
[BSP] 2038c570e5d13e61b0b3eea90809b259 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: KINGSTON SNV425S264GB ATA Device +++++
--- User ---
[MBR] 46175c290234a557194b36cedf87e6f5
[BSP] 092fe5777c0750c2c99d896224b1f8f9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_04222013_02d0135.txt >>
RKreport[1]_S_04222013_02d0135.txt


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,626 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 April 2013 - 02:42 AM


Hello Centuck

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Centuck

Centuck
  • Topic Starter

  • Members
  • 52 posts

Posted 22 April 2013 - 10:50 PM

Below are the results.  If anything weird happens with my computer I will let you know.

 

 

ComboFix 13-04-22.01 - Nelda 22/04/2013  21:25:02.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8182.6599 [GMT -6:00]
Running from: c:\users\Nelda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPLBBAE.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-23 to 2013-04-23  )))))))))))))))))))))))))))))))
.
.
2013-04-23 03:28 . 2013-04-23 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-22 07:48 . 2013-04-22 07:48 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-22 07:47 . 2013-04-22 07:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-22 05:23 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-22 05:15 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-22 05:15 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-22 05:15 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-22 05:15 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-22 05:15 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-22 05:15 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-22 05:15 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-21 08:41 . 2013-04-10 02:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-18 07:46 . 2013-04-18 07:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-16 19:07 . 2013-04-16 19:07 -------- d-----w- C:\components
2013-04-10 14:42 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 14:42 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 14:42 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 14:42 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 14:42 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 14:42 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 14:42 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 14:42 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 14:42 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-04 05:46 . 2013-04-04 05:48 -------- d-----w- c:\users\Nelda\AppData\Local\SCE
2013-03-26 00:26 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 17:56 . 2012-04-04 18:28 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-15 17:56 . 2011-05-16 20:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 09:01 . 2010-10-28 09:24 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 11:35 . 2013-03-23 02:08 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 10:34 . 2010-10-27 14:02 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-23 02:08 . 2012-06-12 22:34 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-23 02:08 . 2011-11-18 22:36 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 15:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 15:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 15:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 15:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 15:43 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 15:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Akamai NetSession Interface"="c:\users\Nelda\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"uTorrent"="d:\utorrent\uTorrent.exe" [2013-04-15 802136]
"Steam"="d:\steam\Steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2009-10-08 232960]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2012-08-24 336992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AllShareAgent"="d:\allshare\AllShareAgent.exe" [2012-03-02 285072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-28 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [2009-11-16 40144]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [2009-11-16 42192]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SimpleSlideShowServer;SimpleSlideShowServer;d:\allshare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SamsungAllShareV2.0;Samsung AllShare PC;d:\allshare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-24 12032]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-09-30 20352]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:56]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:00]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:00]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190942660-1574409567-1745578382-1000Core.job
- c:\users\Nelda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 00:00]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190942660-1574409567-1745578382-1000UA.job
- c:\users\Nelda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 00:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-27 7743008]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-27 1833504]
"LXCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCCtime.dll" [2007-02-22 28672]
"lxccmon.exe"="c:\program files (x86)\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 142.165.21.5 142.165.200.5
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\p*]
"DFC90B5F2B0FFA63D84FD16F6BF37C4B"="02:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2639327\\"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-22  21:29:49
ComboFix-quarantined-files.txt  2013-04-23 03:29
.
Pre-Run: 783,454,208 bytes free
Post-Run: 2,786,398,208 bytes free
.
- - End Of File - - 77F387D7522CD3785BAF88D164F8817A
 

 

Attached Files

  • Attached File  log.txt   17.13KB   1 downloads


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,626 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 April 2013 - 11:12 PM


Hello Centuck

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#14 Centuck

Centuck
  • Topic Starter

  • Members
  • 52 posts

Posted 23 April 2013 - 02:15 AM

Well, one issue with my computer that just popped up recently is that I get this error

(

Microsoft .NET Framework

"Unhandled exception has occurred in your application.  If you click Continue, the application will ignore this error and attempt to continue.  If you click Quit, the application will close immediately.

 

Could not load file or assembly "System.Data.SqlServerCe.Version=3.5.1.0Culture=neutral. PublicKeyToken=89845dcd8080cc91' or one of its dependencies.  The system cannot find the file specified.

)

when I try to shut down my computer. I recently uninstalled Microsoft Visual Studio 2008. However, when you uninstall this, it only uninstalls Visual Studio and not the other bunch of things it installs when Visual Studio installs. So I manually uninstalled them from the programs list, and now I get this error when I try to shut down my computer. I believe it is because I have uninstalled the program/file it is looking for, but I don't know why it's trying to run at that point in time anyway. It's not a serious issue, just an annoying one. Anyway, below are the results of ComboFix.

 

 

ComboFix 13-04-23.02 - Nelda 23/04/2013   1:01.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8182.6139 [GMT -6:00]
Running from: c:\users\Nelda\Desktop\ComboFix.exe
Command switches used :: c:\users\Nelda\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-23 to 2013-04-23  )))))))))))))))))))))))))))))))
.
.
2013-04-23 07:04 . 2013-04-23 07:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 03:47 . 2013-04-10 02:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DE72621-E49A-4B1C-8003-65C0FCE32229}\mpengine.dll
2013-04-22 07:48 . 2013-04-22 07:48 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-22 07:47 . 2013-04-22 07:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-22 05:23 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-22 05:15 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-22 05:15 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-22 05:15 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-22 05:15 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-22 05:15 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-22 05:15 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-22 05:15 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-21 08:41 . 2013-04-10 02:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-18 07:46 . 2013-04-18 07:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-16 19:07 . 2013-04-16 19:07 -------- d-----w- C:\components
2013-04-10 14:42 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 14:42 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 14:42 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 14:42 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 14:42 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 14:42 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 14:42 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 14:42 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 14:42 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-04 05:46 . 2013-04-04 05:48 -------- d-----w- c:\users\Nelda\AppData\Local\SCE
2013-03-26 00:26 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 17:56 . 2012-04-04 18:28 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-15 17:56 . 2011-05-16 20:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 09:01 . 2010-10-28 09:24 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 11:35 . 2013-03-23 02:08 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 10:34 . 2010-10-27 14:02 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-23 02:08 . 2012-06-12 22:34 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-23 02:08 . 2011-11-18 22:36 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 15:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 15:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 15:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 15:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 15:43 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 15:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Akamai NetSession Interface"="c:\users\Nelda\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"uTorrent"="d:\utorrent\uTorrent.exe" [2013-04-15 802136]
"Steam"="d:\steam\Steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2009-10-08 232960]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2012-08-24 336992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AllShareAgent"="d:\allshare\AllShareAgent.exe" [2012-03-02 285072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-28 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [2009-11-16 40144]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [2009-11-16 42192]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SimpleSlideShowServer;SimpleSlideShowServer;d:\allshare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SamsungAllShareV2.0;Samsung AllShare PC;d:\allshare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-24 12032]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-09-30 20352]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:56]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:00]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:00]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190942660-1574409567-1745578382-1000Core.job
- c:\users\Nelda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 00:00]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190942660-1574409567-1745578382-1000UA.job
- c:\users\Nelda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 00:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-27 7743008]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-27 1833504]
"LXCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCCtime.dll" [2007-02-22 28672]
"lxccmon.exe"="c:\program files (x86)\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files (x86)\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 142.165.21.5 142.165.200.5
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\p*]
"DFC90B5F2B0FFA63D84FD16F6BF37C4B"="02:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2639327\\"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-23  01:05:48
ComboFix-quarantined-files.txt  2013-04-23 07:05
ComboFix2.txt  2013-04-23 03:29
.
Pre-Run: 2,794,975,232 bytes free
Post-Run: 2,508,013,568 bytes free
.
- - End Of File - - D24C8140122C2869D17D68E2D34C3D1B
#15 Centuck (Topic Starter, Members, 52 posts)

Posted 24 April 2013 - 11:30 PM

Bumping Topic