Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wow.dll


  • This topic is locked This topic is locked
6 replies to this topic

#1 Alohakakou

Alohakakou

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 18 April 2013 - 02:35 AM

I can't seem to track down where the call is coming from for wow.dll. I get a message on startup: C:\Users\User\AppData\Local\Temp\sxmretq\sbdpwsu\wow.dll.

I've searched the registry, disabled startup items in msconfig, scanned with many different antiviruses. During scanning, a trojan was found and deleted, along with spyware. I'm attaching the hjt log. Thanks for any help.



BC AdBot (Login to Remove)

 


#2 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austria
  • Local time:07:07 AM

Posted 18 April 2013 - 06:06 AM

Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :spacer:
:spacer:
:spacer:
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.
:spacer:
:spacer:
:spacer:
Download OTL to your Desktop.
  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in
  • activex
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %systemroot%\*. /mp /s
    %windir%\installer\*. /5
    %localappdata%\*. /5
    /md5start
    services.exe
    user32.dll
    /md5stop
    CREATERESTOREPOINT
    
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please post both logfiles in your next reply.

Edited by Larusso, 18 April 2013 - 06:14 AM.

regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif

#3 Alohakakou

Alohakakou
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 18 April 2013 - 06:18 PM

Here are the contents of both files:

 

OTL logfile created on: 4/18/2013 11:38:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lionel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 78.52% Memory free
15.79 Gb Paging File | 13.96 Gb Available in Paging File | 88.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 586.47 Gb Free Space | 86.37% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CHANCEYAGI-PC | User Name: Chance Yagi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/18 11:37:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lionel\Downloads\OTL.exe
PRC - [2013/04/08 22:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/03/18 03:25:44 | 018,828,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/01/31 05:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/18 09:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/01 06:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 06:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/08 22:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/08 22:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/08 22:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/08 22:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/08 22:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/12/25 19:49:36 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2011/06/09 11:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/11/29 10:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/11/11 09:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 09:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 08:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 16:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/18 09:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/13 10:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 06:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 06:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 06:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/20 06:16:10 | 000,146,592 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/05/20 06:15:20 | 000,080,032 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/12/20 13:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 13:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/25 15:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/04 12:44:24 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/03/22 18:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/14 19:17:13 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/02/11 12:28:41 | 000,038,456 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:64bit: - [2012/12/13 10:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/09/03 19:50:20 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/08/21 10:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/16 02:58:29 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/16 02:58:29 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 06:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 06:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 06:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 06:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 13:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 16:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/07/20 03:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/12 17:22:50 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/20 17:15:34 | 000,282,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/05/20 06:15:34 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/05/20 06:15:34 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/05/20 06:15:34 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/05/20 06:15:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/05/20 06:15:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/05/20 06:15:32 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/05/12 22:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/10 12:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 12:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 06:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 15:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/01 06:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 12:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/29 10:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 17:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 17:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 17:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 14:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 14:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/13 02:12:04 | 001,244,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/10/10 23:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/02/27 05:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 16:08:46 | 001,077,760 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGUx64.sys -- (A5AGU)
DRV:64bit: - [2008/05/15 00:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/01/19 16:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/01 07:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B56E2DE5-15DE-4C25-8BD1-EA58D472B53D}
IE:64bit: - HKLM\..\SearchScopes\{B56E2DE5-15DE-4C25-8BD1-EA58D472B53D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{B56E2DE5-15DE-4C25-8BD1-EA58D472B53D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\..\SearchScopes,DefaultScope = {77673C11-0FA3-4D33-92EF-E0D10ADF169F}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{99969822-025D-430B-86E9-D939407318A2}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120206,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chance Yagi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
 
[2013/03/30 23:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Chance Yagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chance Yagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chance Yagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chance Yagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Chance Yagi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/04/17 18:42:25 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Chance Yagi\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1E069D0-DF80-4D39-AC75-980DF9E666B6}: DhcpNameServer = 216.136.95.2 66.132.94.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDAD6DF1-7B78-4D6F-B834-A8568265DAB2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA1100 Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe - ()
MsConfig:64bit - StartUpReg: AccuWeatherWidget - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AthBtTray - hkey= - key= - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
MsConfig:64bit - StartUpReg: AtherosBtStack - hkey= - key= - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DW7 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EEventManager - hkey= - key= - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: EPLTarget - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IntelTBRunOnce - hkey= - key= - C:\Windows\SysNative\wscript.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: jswtrayutil - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LTCM Client - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: SearchEngineProtection - hkey= - key= - C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
MsConfig:64bit - StartUpReg: SearchProtect - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SearchProtectAll - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Smart PC Cleaner - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SpeetItUpFree - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Zune Launcher - hkey= - key= - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/17 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\Desktop\RK_Quarantine
[2013/04/15 08:32:21 | 000,038,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
[2013/04/14 21:15:17 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/04/14 21:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/04/14 21:08:45 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\LavasoftStatistics
[2013/04/14 19:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/04/14 19:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/04/14 19:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/04/14 19:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/04/14 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Local\adawarebp
[2013/04/14 19:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/04/14 19:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/04/14 19:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/04/14 19:17:13 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/04/14 19:17:13 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/04/14 19:17:12 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Ad-Aware Antivirus
[2013/04/14 19:04:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/14 18:16:27 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Local\temp
[2013/04/14 18:08:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/14 18:08:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/14 18:08:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/14 18:08:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/14 18:07:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/14 18:06:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/14 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/14 12:56:16 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Local\NPE
[2013/04/14 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/04/14 12:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/04/14 12:34:55 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Google
[2013/04/14 12:32:06 | 000,000,000 | ---D | C] -- C:\components
[2013/04/14 12:29:00 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/13 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/04/13 16:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/13 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/04/13 16:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/13 16:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/04/13 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/04/13 16:27:35 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Auslogics
[2013/04/13 16:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/04/13 16:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2013/04/13 16:24:40 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\Desktop\rkill
[2013/04/13 16:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/13 16:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/13 16:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/13 16:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/13 16:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/04/13 16:13:38 | 000,000,000 | R--D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/04/10 07:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/10 07:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/04/10 07:27:13 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Local\Conduit
[2013/04/10 07:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/06 04:57:20 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Local\Supreme Savings
[2013/03/31 00:19:18 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\Documents\Music
[2013/03/31 00:03:21 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playtopus
[2013/03/31 00:03:17 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Local\Playtopus
[2013/03/31 00:00:27 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Oberon Media
[2013/03/31 00:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2013/03/31 00:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamesagogo_w3i
[2013/03/31 00:00:17 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\VisicomToolBar
[2013/03/31 00:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2013/03/30 23:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/03/30 23:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/03/30 23:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/03/30 23:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2013/03/30 23:53:16 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Local\Programs
[2013/03/30 23:53:12 | 000,019,896 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/03/30 23:53:12 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Systweak
[2013/03/30 23:53:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/30 23:53:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/30 23:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/30 23:52:35 | 000,000,000 | ---D | C] -- C:\Users\Chance Yagi\AppData\Roaming\Qwiklinx
[2013/03/30 23:52:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwiklinx
[2013/03/26 03:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/18 11:36:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/18 11:19:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 11:19:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/18 11:18:16 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/18 11:18:16 | 000,660,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/18 11:18:16 | 000,121,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/18 11:12:37 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/04/18 11:12:36 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/18 11:12:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/18 11:11:57 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/17 18:42:25 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/14 21:15:17 | 000,001,266 | ---- | M] () -- C:\Users\Chance Yagi\Desktop\Revo Uninstaller.lnk
[2013/04/14 19:17:13 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/04/14 18:08:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/14 12:58:00 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/14 12:54:41 | 000,001,248 | ---- | M] () -- C:\Users\Chance Yagi\Desktop\Auslogics Disk Defrag.lnk
[2013/04/13 16:29:28 | 000,001,260 | ---- | M] () -- C:\Users\Chance Yagi\Desktop\Spybot - Search & Destroy.lnk
[2013/04/13 16:26:28 | 000,002,281 | ---- | M] () -- C:\Users\Chance Yagi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 16:25:30 | 000,001,283 | ---- | M] () -- C:\Users\Chance Yagi\Desktop\Auslogics Registry Cleaner.lnk
[2013/04/13 16:24:21 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/13 16:13:57 | 000,000,588 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/04/13 09:36:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/04/10 02:33:23 | 000,417,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/06 04:57:06 | 000,002,333 | ---- | M] () -- C:\Users\Chance Yagi\Desktop\Continue SweetIM installation.lnk
[2013/04/05 03:38:31 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/05 03:38:30 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/31 00:30:02 | 000,000,839 | ---- | M] () -- C:\Users\Chance Yagi\Desktop\Chance - Shortcut.lnk
[2013/03/26 03:38:57 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
 
========== Files Created - No Company Name ==========
 
[2013/04/14 19:18:43 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/04/14 18:08:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/14 18:08:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/14 18:08:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/14 18:08:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/14 18:08:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/14 12:58:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/14 12:58:00 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/14 12:54:41 | 000,001,248 | ---- | C] () -- C:\Users\Chance Yagi\Desktop\Auslogics Disk Defrag.lnk
[2013/04/14 12:53:39 | 000,001,266 | ---- | C] () -- C:\Users\Chance Yagi\Desktop\Revo Uninstaller.lnk
[2013/04/13 16:29:28 | 000,001,260 | ---- | C] () -- C:\Users\Chance Yagi\Desktop\Spybot - Search & Destroy.lnk
[2013/04/13 16:25:30 | 000,001,283 | ---- | C] () -- C:\Users\Chance Yagi\Desktop\Auslogics Registry Cleaner.lnk
[2013/04/13 16:24:21 | 000,002,281 | ---- | C] () -- C:\Users\Chance Yagi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 16:24:21 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/10 07:49:23 | 000,000,588 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/04/06 04:57:06 | 000,002,333 | ---- | C] () -- C:\Users\Chance Yagi\Desktop\Continue SweetIM installation.lnk
[2013/04/05 03:38:31 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/05 03:38:30 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/31 00:30:02 | 000,000,839 | ---- | C] () -- C:\Users\Chance Yagi\Desktop\Chance - Shortcut.lnk
[2013/03/30 23:53:38 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/03/30 23:52:55 | 000,000,000 | ---- | C] () -- C:\END
[2013/03/26 03:38:57 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/12/25 21:26:24 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/12/25 19:48:01 | 000,000,094 | ---- | C] () -- C:\Windows\EART730.ini
[2011/11/25 19:19:50 | 000,014,336 | ---- | C] () -- C:\Users\Chance Yagi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 02:43:57 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/16 02:43:54 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/16 02:43:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/16 02:43:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/16 02:43:50 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/16 01:31:37 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 15:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 15:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/04/01 14:05:41 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\.minecraft
[2013/04/14 19:21:39 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Ad-Aware Antivirus
[2013/04/14 12:55:23 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Auslogics
[2012/12/25 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Epson
[2011/11/25 17:17:53 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Fingertapps
[2012/12/25 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Leader Technologies
[2011/11/25 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Leadertech
[2013/03/31 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Oberon Media
[2012/11/04 21:06:05 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\PCDr
[2013/03/30 23:52:41 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Qwiklinx
[2012/12/25 20:40:40 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\SoftGrid Client
[2013/04/14 12:32:26 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Systweak
[2011/11/25 18:04:05 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\TP
[2013/03/31 00:00:17 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\VisicomToolBar
[2012/02/13 13:15:06 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/04/14 19:04:45 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/10/16 01:52:20 | 000,000,000 | ---D | M] -- C:\apps
[2013/04/14 18:16:27 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013/04/14 12:32:06 | 000,000,000 | ---D | M] -- C:\components
[2011/11/26 07:47:19 | 000,000,000 | ---D | M] -- C:\Dell
[2009/07/13 19:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/10/16 02:44:59 | 000,000,000 | ---D | M] -- C:\Drivers
[2011/10/16 01:29:51 | 000,000,000 | ---D | M] -- C:\Intel
[2012/09/24 23:23:27 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009/07/13 17:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/04/14 18:08:28 | 000,000,000 | ---D | M] -- C:\Program Files
[2013/04/14 19:18:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/04/14 21:09:30 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013/04/14 18:16:27 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/11/25 17:19:23 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2013/04/18 11:40:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/01/03 21:16:34 | 000,000,000 | ---D | M] -- C:\Temp
[2012/01/06 20:41:21 | 000,000,000 | ---D | M] -- C:\Users
[2013/04/14 18:15:12 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2013/04/14 12:58:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}
[2013/04/14 18:08:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D954C6C2-544B-4091-A47F-11E77162883E}
[2013/04/14 19:18:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F075020E-43B2-4F2C-9723-C81CE162E7B6}
 
< %localappdata%\*. /5 >
[2013/04/14 19:18:24 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\adawarebp
[2013/04/14 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\Conduit
[2013/04/13 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\CrashDumps
[2013/04/14 12:34:57 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\Google
[2013/04/14 15:42:19 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\NPE
[2013/04/14 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\Playtopus
[2013/04/14 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\Supreme Savings
[2013/04/17 21:14:28 | 000,000,000 | ---D | M] -- C:\Users\Chance Yagi\AppData\Local\temp
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 15:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 15:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 15:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: USER32.DLL  >
[2010/11/20 17:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010/11/20 17:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 17:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 17:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 17:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 17:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >
 

Extras:

 

 

OTL Extras logfile created on: 4/18/2013 11:38:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lionel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 78.52% Memory free
15.79 Gb Paging File | 13.96 Gb Available in Paging File | 88.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 586.47 Gb Free Space | 86.37% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CHANCEYAGI-PC | User Name: Chance Yagi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B002273-EF00-4B66-BCD4-DFDAA4EA5B57}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0C229076-6171-433F-B409-B2AA1FA54D85}" = lport=445 | protocol=6 | dir=in | app=system | 
"{19CA045C-C00D-49AE-ABEC-4720CA0B39E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{25CF7FB0-611A-46E3-A2AF-7C3983369AB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2BE81790-9B1E-44D3-9B3E-6E64B8410D6C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{302D7BCA-B66F-46F0-AA5F-402F53B839CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31D38882-1B10-4073-A39D-8DA9614FD40D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{34A973F5-90E4-49EA-AAEF-68AD90CCA471}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3FB67B71-B4D3-48CA-9D20-62CF1F6C2491}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4569B131-98CC-4DBC-959C-024CADF85E0A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{45B9633B-8DB0-4B4E-BF22-B6F3535AC3B0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{51FD9C95-6363-42AD-989C-6FEA499E7346}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5663BE0A-5C96-4596-9088-DFD52A47B011}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{58AEEB19-324B-4512-B20A-6A527FBC4DFB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A207F2C-206C-4402-9C9E-4D64769C0C12}" = rport=137 | protocol=17 | dir=out | app=system | 
"{83224AC1-558A-462C-8397-90718412A4AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{87A7A017-4075-4213-AF3F-D52C274BA0AA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AB25606C-69A6-46AD-9C4B-FE29FD4260AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD1567E5-8FA9-4C0A-9065-F8B18FD6AC9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{C38CD1D1-4334-41C6-B2D5-44E9E4EC6A49}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8211C9D-3C8A-40B0-B8B5-F1EB1DFB9BBF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CBF04FCB-BE6A-4FCB-AA83-C1B41FCA5FB8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D83EE583-D2D4-4E38-B0C2-C88FC06BB64C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5C7A1F8-D1BC-44B4-B9AC-44F9D72B9401}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6A7957D-AF09-4C07-AF06-48701B053E1E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F8B909A7-92BE-42D4-9863-EA13B5C3D46A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086E619B-4091-4CF9-9615-56F8A2082125}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{1DDDC150-2F7F-48DC-AE6D-4B6E36F7623F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FE17881-6ED3-4F61-A5DE-A94CBEA8E9B2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2A9974D0-C2B7-4BDC-B5C3-5CC48869C61C}" = protocol=6 | dir=out | app=system | 
"{2B170AB8-2559-4570-B68D-3CF4BCFD6719}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31552949-850C-4AC8-8AB2-3D50ADCA00B8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{32638A41-9B9E-4B64-B333-2849DD3F7CE3}" = protocol=17 | dir=in | app=c:\users\chance yagi\appdata\local\temp\diq\flashplayer_187\software\sweetipacks.exe | 
"{34D98E99-55D4-41A3-9E06-09A32CD0E2D9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35623A6F-AAB8-4301-9D2C-DC5D70CAFC5A}" = protocol=6 | dir=in | app=c:\users\chance yagi\appdata\local\temp\diq\flashplayer_187\software\sweetipacks.exe | 
"{3B32D517-4FC5-4563-AC4D-DCC6C4E260D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3D3C8A48-D6F5-412B-BBFA-156AA2083FF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{424F7320-D286-4B29-80F2-218A4CC3F9F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{48B537FD-74F1-4089-8AD3-F4B55C8CBCCC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4B0E5954-833D-4A49-9BF8-9330B1664CD7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{502C21A1-BA18-4634-8016-7F29679C2A6F}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{5B3D1F20-0FA8-4682-9B2E-CD2DA4E1E4F7}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{5E70AB35-9AE7-45B5-A682-E5B13CF9EEF4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{64EAFCDF-A2E8-4454-9EFD-DCE48BA4C543}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6BBB31C2-994D-451F-B948-7022194CE5EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74E5E2E9-F04D-4BFA-8ECB-AA3BB425669F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7703F5C9-2385-42F3-8273-048779D80A0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9061213F-90CB-4601-93B0-495F7C54D332}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A00D05DD-BE00-4339-AA07-7A0558231774}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A459851E-4267-43C4-895E-68015595B569}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AB0B8190-0683-42DB-A125-21C99F535488}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD638FF7-E52F-4107-868B-BCB49FCB06E3}" = dir=in | app=c:\users\chance yagi\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{BA0B6670-9C3A-4E11-83A8-EFF5DF3C05FE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C5F9DFEC-6F36-4D8A-95FE-FCFE9F3B3FE3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C9F5996A-F487-4312-A22A-0875B64ECA37}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{CC4E6FD1-AA1B-4084-A5DB-E591D880267F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D13D5D52-1E2F-4333-BD44-06628C7310A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D56F6597-7CEE-49AB-AD2A-EB1AFB65FB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D83FC32F-616E-4373-9AEB-259F1F8539C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DE34A55E-6937-411C-B2D8-C7E1574F1834}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EBE0F606-CBEA-4F17-9467-256AF79CBF5E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F75A30F0-6D62-41B8-BC4B-A3DD86A3628B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{F827A6B9-D7F0-45E5-8033-740E1D14ADB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBE09D0C-5943-4027-BC6D-D978BE982C14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{043D1744-F842-4B32-AB22-3D03DE58A741}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{191B22B7-D798-4184-9288-FF52E826F7A8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{1F14D5AB-6921-4CAF-9F12-F58E18DF1A86}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{DA51342C-401A-4B11-9D31-202EFE028D45}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON Artisan 730 Series" = EPSON Artisan 730 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"PC-Doctor for Windows" = Dell Support Center
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E497885-E60B-420A-832D-0148B392E058}_is1" = Qwiklinx
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80F3F10B-A177-4494-93CE-98090D819093}" = Internet Explorer Toolbar 4.7 by SweetPacks
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4EE51E6-2C80-4B04-BDE0-ED4E87BEFECD}_is1" = Pavtube Video Converter Ver 4.1.1.3857
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Dell Webcam Central" = Dell Webcam Central
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpywareBlaster_is1" = SpywareBlaster 5.0
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Playtopus" = Playtopus
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/15/2013 11:39:53 PM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/17/2013 11:51:02 PM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/18/2013 12:07:58 AM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/18/2013 12:18:55 AM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/18/2013 12:30:09 AM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/18/2013 12:37:12 AM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/18/2013 12:43:06 AM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/18/2013 2:57:10 AM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/18/2013 3:43:08 AM | Computer Name = ChanceYagi-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program 
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 4/18/2013 5:13:49 PM | Computer Name = ChanceYagi-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 5/19/2012 2:36:34 AM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 11:36:33 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/19/2012 11:58:25 PM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 8:58:21 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 1:31:28 PM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 10:31:28 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/21/2012 1:01:12 AM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 10:01:04 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/21/2012 1:03:04 PM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 10:03:04 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 2:47:54 AM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 11:47:50 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 6:12:06 AM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 3:12:02 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 12:39:56 PM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 9:39:55 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 11:34:56 PM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 8:34:50 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
Error - 5/23/2012 12:52:24 PM | Computer Name = ChanceYagi-PC | Source = MCUpdate | ID = 0
Description = 9:52:23 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  )  
 
[ System Events ]
Error - 4/18/2013 2:44:49 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:46:35 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:46:35 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:46:35 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:48:35 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:48:35 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:48:35 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:53:15 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:53:15 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/18/2013 2:53:15 AM | Computer Name = ChanceYagi-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >


#4 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austria
  • Local time:07:07 AM

Posted 19 April 2013 - 02:01 AM

Hy there


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
Playtopus



I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.




Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Edited by Larusso, 19 April 2013 - 02:02 AM.

regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif

#5 Alohakakou

Alohakakou
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 20 April 2013 - 11:37 PM

Sorry, somebody had suggested I run ComboFix before I contacted you. Anyway, here's the log:

 

ComboFix 13-04-20.02 - Chance Yagi 04/20/2013  18:09:44.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.6278 [GMT -10:00]
Running from: G:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lionel\AppData\Roaming\adaware-installer-reboot-required.tmp
E:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-21 to 2013-04-21  )))))))))))))))))))))))))))))))
.
.
2013-04-21 04:23 . 2013-04-21 04:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-21 04:23 . 2013-04-21 04:23 -------- d-----w- c:\users\Chance Yagi\AppData\Local\temp
2013-04-21 04:23 . 2013-04-21 04:23 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2013-04-21 03:57 . 2013-04-21 03:57 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\OpenCandy
2013-04-21 03:57 . 2013-04-21 03:57 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2013-04-15 18:32 . 2013-02-11 22:28 38456 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-04-15 07:09 . 2013-04-16 03:37 -------- d-----w- c:\users\Lionel\AppData\Roaming\Ad-Aware Antivirus
2013-04-15 07:09 . 2013-04-15 07:10 -------- d-----w- c:\users\Lionel\AppData\Local\adawarebp
2013-04-15 07:09 . 2013-04-15 07:09 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-04-15 07:08 . 2013-04-15 07:08 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\LavasoftStatistics
2013-04-15 05:18 . 2013-04-21 04:08 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-04-15 05:18 . 2013-04-15 05:18 -------- d-----w- c:\programdata\Lavasoft
2013-04-15 05:18 . 2013-04-15 05:18 -------- d-----w- c:\programdata\Downloaded Installations
2013-04-15 05:18 . 2013-04-15 05:18 -------- d-----w- c:\users\Chance Yagi\AppData\Local\adawarebp
2013-04-15 05:18 . 2013-04-15 05:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-04-15 05:18 . 2013-04-15 05:18 -------- d-----w- c:\program files (x86)\adawaretb
2013-04-15 05:18 . 2013-04-15 05:18 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-04-15 05:17 . 2013-04-15 05:17 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-15 05:17 . 2013-04-20 22:40 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\Ad-Aware Antivirus
2013-04-14 22:57 . 2013-04-14 22:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-14 22:56 . 2013-04-15 01:42 -------- d-----w- c:\users\Chance Yagi\AppData\Local\NPE
2013-04-14 22:56 . 2013-04-14 22:56 -------- d-----w- c:\programdata\Norton
2013-04-14 22:53 . 2013-04-15 07:15 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-04-14 22:33 . 2013-04-14 22:33 -------- d-----w- c:\users\Lionel\AppData\Local\Google
2013-04-14 22:32 . 2013-04-14 22:32 -------- d-----w- C:\components
2013-04-14 02:29 . 2013-04-15 01:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-14 02:29 . 2013-04-14 02:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-04-14 02:28 . 2013-04-14 02:28 -------- d-----w- c:\programdata\Licenses
2013-04-14 02:28 . 2009-03-24 19:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-04-14 02:28 . 2013-04-14 02:30 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-04-14 02:27 . 2013-04-14 22:55 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\Auslogics
2013-04-14 02:25 . 2013-04-14 22:54 -------- d-----w- c:\program files (x86)\Auslogics
2013-04-14 02:24 . 2013-04-14 02:24 -------- d-----w- c:\program files\CCleaner
2013-04-14 02:22 . 2013-04-14 02:22 -------- d-----w- c:\program files\Google
2013-04-13 23:01 . 2013-04-14 02:15 -------- d-----w- c:\users\Lionel\AppData\Local\FreeFileViewer
2013-04-10 17:27 . 2013-04-13 05:21 -------- d-----w- c:\programdata\HitmanPro
2013-04-10 17:27 . 2013-04-10 17:27 -------- d-----w- c:\program files (x86)\Conduit
2013-04-10 17:27 . 2013-04-14 22:34 -------- d-----w- c:\users\Chance Yagi\AppData\Local\Conduit
2013-04-10 17:26 . 2013-04-10 17:27 -------- d-----w- c:\programdata\Tarma Installer
2013-04-10 05:51 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-06 14:57 . 2013-04-15 01:25 -------- d-----w- c:\users\Chance Yagi\AppData\Local\Supreme Savings
2013-03-31 13:57 . 2013-03-31 17:30 -------- d-----w- c:\users\Lionel\AppData\Roaming\PCFixSpeed
2013-03-31 13:56 . 2013-03-31 13:56 -------- d-----w- c:\users\Lionel\AppData\Roaming\Systweak
2013-03-31 10:03 . 2013-04-15 04:14 -------- d-----w- c:\users\Chance Yagi\AppData\Local\Playtopus
2013-03-31 10:00 . 2013-03-31 10:00 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\Oberon Media
2013-03-31 10:00 . 2013-03-31 10:00 -------- d-----w- c:\programdata\Oberon Media
2013-03-31 10:00 . 2013-04-14 22:36 -------- d-----w- c:\program files (x86)\gamesagogo_w3i
2013-03-31 10:00 . 2013-03-31 10:00 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\VisicomToolBar
2013-03-31 10:00 . 2013-03-31 10:00 -------- d-----w- c:\program files (x86)\GamesBar
2013-03-31 09:58 . 2013-03-31 09:58 -------- d-----w- c:\programdata\APN
2013-03-31 09:53 . 2013-03-31 09:53 -------- d-----w- c:\programdata\Systweak
2013-03-31 09:53 . 2013-03-31 09:53 -------- d-----w- c:\program files (x86)\Advanced System Protector
2013-03-31 09:53 . 2008-11-21 07:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
2013-03-31 09:53 . 2013-03-31 09:53 -------- d-----w- c:\users\Chance Yagi\AppData\Local\Programs
2013-03-31 09:53 . 2013-04-14 22:32 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\Systweak
2013-03-31 09:53 . 2012-11-05 19:50 19896 ----a-w- c:\windows\system32\roboot64.exe
2013-03-31 09:53 . 2013-03-31 09:53 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-31 09:53 . 2013-03-31 09:53 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-31 09:52 . 2013-03-31 09:52 -------- d-----w- c:\users\Chance Yagi\AppData\Roaming\Qwiklinx
2013-03-31 09:52 . 2013-03-31 09:52 -------- d-----w- c:\program files (x86)\Qwiklinx
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 06:17 . 2012-01-27 20:45 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-12 05:45 . 2013-03-13 00:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 00:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 00:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 00:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 00:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 00:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-21 07:41 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}]
2013-02-08 03:53 1977256 ----a-w- c:\users\Chance Yagi\AppData\Roaming\Qwiklinx\Qwiklinx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [2008-08-07 1077760]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2010-10-13 1244224]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-02-11 38456]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-09-04 25584]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-27 1255736]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-20 146592]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-05-20 80032]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-12-26 151648]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
R4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
R4 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-15 14456]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-20 25312]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-20 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-20 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-20 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-20 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-20 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-20 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-21 282272]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-14 02:24 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 08:26]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 08:26]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CUI=UN17406185644760218&UM=2&UP=SP388FD2A0-21AB-4EA1-A5A9-7BB12C58634A
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-20  18:24:20
ComboFix-quarantined-files.txt  2013-04-21 04:24
ComboFix2.txt  2013-04-15 04:16
.
Pre-Run: 629,036,650,496 bytes free
Post-Run: 628,975,316,992 bytes free
.
- - End Of File - - 4304D2CB0E08646AAAEB6D93D74E4AC2


#6 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austria
  • Local time:07:07 AM

Posted 21 April 2013 - 05:35 AM

Hy there :)

Download & SAVE to your Desktop Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Launch RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Then Click on Scan button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Edited by Larusso, 21 April 2013 - 05:40 AM.

regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif

#7 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austria
  • Local time:07:07 AM

Posted 24 April 2013 - 01:59 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users