Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

SAME MALWARE, DIFFERENT DAY!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 1st, 2013, 1:16 pm

computer running really slow! chrome won't load certain programs and games that previously worked fine. ie has all kinds of adware on pages and can't find the appropriate add-ons to remove. started to get it fixed on the 19th however I had to go out of town. I'm back at home now and can address the issue. I redid the dds logs and will paste them below. I also removed the utorrent thingy. I have downloaded the ckscanner and will attach the txt file from that in the next few. HELP!!!!! PLEASE!!!!!! :cry:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Pier at 13:08:55 on 2013-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6052.4277 [GMT -4:00]
.
AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\CoolPic - Fun Social Pictures\ExtensionUpdaterService.exe
C:\Users\Pier\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\WBC Engine\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Pier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Free Ride Games\GPlayer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\Pier\AppData\Local\Strongvault Online Backup\SMessaging.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\Pier\AppData\Local\Apps\2.0\45Z2HCQN.VB1\Q1T6Q6KP.P15\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Pier\AppData\Local\Apps\2.0\45Z2HCQN.VB1\Q1T6Q6KP.P15\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://feed.snap.do/?publisher=VertiTec ... type=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=VertiTec ... type=ds&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTec ... type=ds&q={searchTerms}
uURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Download and Sa Class: {00489C73-11E8-592F-2BE0-26F3B295EDC0} - C:\ProgramData\Download and Sa\50b682c1d7158.ocx
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: WBC Engine: {14DD0E04-D4F6-45d2-A958-F361FBD4F64F} - C:\Program Files\WBC Engine\Extension32.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Ask Toolbar: {4153492D-4700-A76A-76A7-7A786E7484D7} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Pier\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: CoolPic - Fun Social Pictures: {FEFE89E5-A43F-4f4b-8211-B11D91D02135} - C:\Program Files\CoolPic - Fun Social Pictures\Extension32.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {4153492D-4700-A76A-76A7-7A786E7484D7} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Ask Toolbar: {4153492D-4700-A76A-76A7-7A786E7484D7} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Spotify Web Helper] "C:\Users\Pier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [086A4DCF811AE88EC0C344BC2F81B98B33AD05BD._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [SMessaging] C:\Users\Pier\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\Pier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Users\Pier\AppData\Local\Apps\2.0\45Z2HCQN.VB1\Q1T6Q6KP.P15\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
StartupFolder: C:\Users\Pier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.co ... 5.11.0.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{355EFCA5-C4FC-4EA1-A1B8-961679752C83} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{704A8E1D-32E8-43FD-B8FD-ECF54BB46EDA} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{704A8E1D-32E8-43FD-B8FD-ECF54BB46EDA}\3516378616 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{704A8E1D-32E8-43FD-B8FD-ECF54BB46EDA}\66C61636B637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{704A8E1D-32E8-43FD-B8FD-ECF54BB46EDA}\75966496253555F53643733336 : DHCPNameServer = 192.168.15.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: WBC Engine: {14DD0E04-D4F6-45d2-A958-F361FBD4F64F} - C:\Program Files\WBC Engine\Extension64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: CoolPic - Fun Social Pictures: {FEFE89E5-A43F-4f4b-8211-B11D91D02135} - C:\Program Files\CoolPic - Fun Social Pictures\Extension64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-6-7 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-8-16 30568]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-6-5 169640]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-27 173192]
R2 CoolPic - Fun Social Pictures Updater;CoolPic - Fun Social Pictures Updater;C:\Program Files\CoolPic - Fun Social Pictures\ExtensionUpdaterService.exe [2013-7-21 185856]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Pier\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-7-21 107520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-9 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-9 682344]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-4-30 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-4-30 70152]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
R2 WBC Engine Updater;WBC Engine Updater;C:\Program Files\WBC Engine\ExtensionUpdaterService.exe [2013-7-21 185856]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2013-5-12 56136]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-5-20 36000]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-5-20 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-5-20 282272]
R3 cbfs3;EldoS Callback File System driver v3;C:\windows\System32\drivers\cbfs3.sys [2013-1-24 352144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-6-7 176096]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-6-7 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-9 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CleanMyPCService;CleanMyPC Watcher;C:\Program Files\CleanMyPC\CleanMyPCService.exe --> C:\Program Files\CleanMyPC\CleanMyPCService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-5-30 573952]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-26 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-7 250984]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-4 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-6-7 89600]
S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-7 13336]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-7 1695040]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-7 2656280]
S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
S4 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-6-14 109064]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-28 19:42:51 193296 ----a-w- C:\windows\SysWow64\mci32.ocx
2013-07-28 19:42:50 212240 ----a-w- C:\windows\SysWow64\richtx32.ocx
2013-07-28 19:42:50 209608 ----a-w- C:\windows\SysWow64\tabctl32.ocx
2013-07-28 19:42:50 200704 ----a-w- C:\windows\SysWow64\THREED32.OCX
2013-07-28 19:42:48 -------- d-----w- C:\Program Files (x86)\The Holy Bible
2013-07-28 19:40:53 29696 ----a-w- C:\windows\SysWow64\VB5StKit.dll
2013-07-28 19:40:52 71680 ----a-w- C:\windows\ST5UNST.EXE
2013-07-28 19:40:50 1355776 ----a-w- C:\windows\SysWow64\MSVBVM50.dll
2013-07-28 19:36:59 -------- d-----w- C:\Users\Pier\New folder
2013-07-25 22:11:13 -------- d-----w- C:\Users\Pier\AppData\Roaming\Blio
2013-07-25 20:11:33 -------- d-----w- C:\Program Files (x86)\Coupons
2013-07-22 15:35:07 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-22 06:28:15 -------- d-----w- C:\Users\Pier\AppData\Roaming\WeatherLord
2013-07-22 06:28:15 -------- d-----w- C:\ProgramData\WeatherLord
2013-07-22 03:54:06 -------- d-----w- C:\Users\Pier\AppData\Roaming\HipSoft
2013-07-22 03:50:34 -------- d-----w- C:\Program Files (x86)\Green City 2
2013-07-22 03:49:05 -------- d-----w- C:\Program Files (x86)\Build-a-Lot - Mysteries
2013-07-21 22:23:00 -------- d-----w- C:\ProgramData\Melesta
2013-07-21 18:34:01 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-07-21 18:33:53 -------- d-----w- C:\Users\Pier\AppData\Roaming\DefaultTab
2013-07-21 18:33:13 -------- d-----w- C:\Program Files\WBC Engine
2013-07-21 18:32:39 -------- d-----w- C:\Program Files\CoolPic - Fun Social Pictures
2013-07-20 19:17:45 -------- d-----w- C:\Users\Pier\AppData\Local\DriverTuner
2013-07-20 19:17:30 -------- d-----w- C:\Program Files (x86)\DriverTuner
2013-07-13 16:45:41 -------- d-----w- C:\Program Files (x86)\Blinkx
2013-07-12 19:33:07 -------- d-----w- C:\Users\Pier\AppData\Roaming\RealNetworks
2013-07-12 19:32:03 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-07-12 19:31:59 -------- d-----w- C:\ProgramData\RealNetworks
2013-07-12 19:31:40 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-07-12 19:30:36 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2013-07-12 19:30:36 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-07-11 06:28:54 -------- d-----w- C:\Program Files (x86)\VIO Player
2013-07-11 06:23:07 -------- d-----w- C:\Program Files (x86)\FLV Media Player
2013-07-11 05:28:43 -------- d-----w- C:\ProgramData\StarApp
2013-07-11 05:17:41 -------- d-----w- C:\Users\Pier\AppData\Local\emaze
2013-07-11 04:32:10 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 04:32:10 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 04:32:10 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 04:32:10 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 04:32:09 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 04:32:09 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 04:32:08 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 04:32:05 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-11 04:32:04 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-11 04:32:02 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-11 04:32:02 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 04:27:15 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-11 04:26:52 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 04:26:52 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 04:26:52 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 04:26:52 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 04:26:51 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 04:24:03 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-11 04:24:02 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-09 00:56:45 -------- d-----w- C:\Program Files (x86)\Green City
2013-07-09 00:03:14 -------- d-----w- C:\BigFishCache
2013-07-04 22:05:07 -------- d-----w- C:\Users\Pier\AppData\Roaming\Rainbow
2013-07-04 21:57:34 -------- d-----w- C:\Program Files (x86)\Rush for Gold - Alaska
.
==================== Find3M ====================
.
2013-07-22 15:34:55 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-07-22 15:34:55 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-07-17 14:55:44 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-17 14:55:44 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-27 19:47:12 60 ----a-w- C:\windows\wpd99.drv
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-11-28 22:07:35 179344 ----a-w- C:\Program Files (x86)\4zres.dll
.
============= FINISH: 13:10:00.85 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/3/2012 3:28:15 PM
System Uptime: 8/1/2013 12:43:01 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 01HXXJ
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 111.55 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0002000A_PID&0000\8&2E6960DD&0&04C06FBACC7A_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0002000A_PID&0000\8&2E6960DD&0&04C06FBACC7A_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0002000A_PID&0000\8&2E6960DD&0&04C06FBACC7A_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0002000A_PID&0000\8&2E6960DD&0&04C06FBACC7A_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&2E6960DD&0&00AA70A0AB8F_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&2E6960DD&0&00AA70A0AB8F_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&2E6960DD&0&00AA70A0AB8F_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&2E6960DD&0&00AA70A0AB8F_C00000001
Service:
.
==== System Restore Points ===================
.
RP106: 7/11/2013 3:00:25 AM - Windows Update
RP107: 7/19/2013 8:14:49 PM - before malwear cleaning
RP108: 7/21/2013 1:48:41 PM - Installed Microsoft Smooth Streaming Client 2.0
RP109: 8/1/2013 3:28:25 AM - Installed AVG 2013
.
==== Installed Programs ======================
.
100 Percent Hidden Objects
123 Free Solitaire v9.0
7-zip v9.20
9: The Dark Side Of Notre Dame Collector's Edition
A Gnome's Home: The Great Crystal Crusade
A Vampire Romance: Extended Edition (remove only)
Accidental Damage Services Agreement
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS6
Adobe Reader X MUI
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Age of Adventure: Playing the Hero
Alice Greenfingers
Amazon Cloud Drive
Amazon Kindle
Amazon MP3 Downloader 1.0.17
Amazon Music Importer
Amazon Send to Kindle
Amazon Unbox Video
Angelica Weaver: Catch Me When You Can Collector’s Edition
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arcadesafari
Ashes of Immortality
Ask Toolbar
Audible Download Manager
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Aztec Tribe: New Land
Ballad of Solar
Banctec Service Agreement
Barn Yarn
Be a King 2
Be a King: Golden Empire
Be Rich!
Be Richer
Be Richest!
BeadTool 4.5.22
Big Bang West
Big City Adventures Paris
Big Fish: Game Manager
Bing Bar
Bing Desktop
blinkx beat
Blio
Bluetooth Win7 Suite (64)
Bonjour
Boutique Boulevard
BufferChm
Build-a-lot
Build-a-Lot: Mysteries
Build It - Miami Beach Resort
Burger Bustle: Ellie's Organics
Cake Mania
Cake Mania 2
Cake Mania® 2
Cake Mania® 3
Chimeras: Tune of Revenge Collector's Edition
Christmas Wonderland 3
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Cookbook
Cooking Academy
Cooking Academy 2: World Cuisine
Cooking Academy 3
Cooking Dash™
CoolPic - Fun Social Pictures 2.0.0.429
Coupon Printer for Windows
Create A Mall
Criminal Stories: Presumed Partners
Curse at Twilight
Curse at Twilight: Thief of Souls
Curse at Twilight: Thief of Souls Collector's Edition
Curse at Twilight: Thief of Souls Extended Edition
D1400
D1400_Help
D3DX10
Dark Mysteries - The Soul Keeper
Dark Mysteries: The Soul Keeper Collector's Edition
Dark Parables: The Red Riding Hood Sisters Collector's Edition
Dark Tales: Edgar Allan Poe's The Gold Bug
DefaultTab
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Delicious - Emily's Childhood Memories
Delicious - Emily's Tea Garden
Delicious - Emily's True Love
Delicious - Emily's Wonder Wedding
Delicious 2 Deluxe
Delicious Deluxe
Delicious: Emily's Holiday Season
Delicious: Emily's Taste of Fame
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell Touchpad
Dell VideoStage
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
DeviceDiscovery
DirectX 9 Runtime
DivX Setup
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Download and Sa
Dr. Jekyll and Mr. Hyde: The Strange Case - Extended Edition
Dracula: Love Kills
Dragon Crossroads
Dream Builder: Amusement Park
DriverTuner 3.1.0.1
Druid Kingdom
Express Zip
Eye for Design™
Farm 2
Farm Craft
Farm Fables
Farm Frenzy
Farm Frenzy 2
Farm Frenzy 3
Farm Frenzy 3 - Russian Roulette
Farm Frenzy 3: American Pie
Farm Frenzy 3: Ice Age
Farm Frenzy 3: Madagascar
Farm Frenzy 3: Russian Roulette
Farm Frenzy: Ancient Rome
Farm Frenzy: Pizza Party
Farm Mania
Farm Mania 2
Farm Mania: Hot Vacation
Farm Up
Farmer's Market (remove only)
Farmers Market
Farmington Tales
Fashion Forward
Fashion Solitaire
Fiesta Download Manager
Flip That House Cashflow Trainer 1.31
FLV Media Player version 1.3
Free MIDI to MP3 Converter 1.0
Free Ride Games Player
Free Video Player version 1.0
Gardens Inc. - From Rakes to Riches
Gardenscapes 2
Gardenscapes: Mansion Makeover
Gardenscapes: Mansion Makeover
Gardenscapes™
GIMP 2.6.6
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Gothic Fiction: Dark Saga
GPBaseService2
Graboid Video 3.58
Graboid Video 3.58 Setup
Gray Matter 1.0
Great Adventures - Lost in Mountains
Green City
Green City 2
Grim Tales: The Stone Queen
Grim Tales: The Wishes
Haunted Domains
Haunted Halls: Fears from Childhood Collector's Edition
Haunted Halls: Revenge of Doctor Blackmore Collector's Edition
Hero of the Kingdom
Hidden Magic (remove only)
Hidden Mysteries&reg;: Salem Secrets
Hidden World
High-Definition Video Playback
Hobby Farm
Home Sweet Home 2: Kitchens and Baths
Hospital Hustle
Hot Dish
Hot Farm Africa
Hotel Mogul
Hotel Mogul: Las Vegas
House of 1000 Doors: The Palm of Zoroaster
HP Customer Participation Program 13.0
HP Deskjet 2510 series Basic Device Software
HP Deskjet 2510 series Help
HP Deskjet 2510 series Product Improvement Study
HP Deskjet 2510 series Setup Guide
HP Deskjet Printer Driver Software 13.0 Rel. 1
HP Imaging Device Functions 13.0
HP Photo Creations
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Jane's Hotel
Jane's Hotel Family Hero
Jane's Hotel Mania
Jane's Realty
Jane's Realty 2
Jane Croft: The Baker Street Murder
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Jigs@w Puzzle 2
Jigsaw Boom!
Jigsaw Puzzle Player
Jigsaw Puzzles - Parks of the World
Jigsaw World
Jigsaws Galore
Jojo's Fashion Show 2: Las Cruces
Jojo's Fashion Show World Tour
Jojo's Fashion Show™
Junk Mail filter update
Kingdom Chronicles Collector's Edition
Kingdom of Seven Seals
Life Quest™
Mahjong Mysteries - Ancient Athena
Mahjong Royal Towers
Malwarebytes Anti-Malware version 1.70.0.1100
Margrave: The Blacksmith's Daughter Collector's Edition
MarketResearch
Math Resource Studio
Math Resource Studio 5
Mesh Runtime
Microsoft .NET Compact Framework 2.0 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Midnight Mysteries: Haunted Houdini Deluxe
Minecraft version 1.4.6
Moai: Build Your Dream
MONOPOLY City (remove only)
Mr. Puzzle
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
My Farm Life
My Farm Life 2
My Kingdom for the Princess
My Life Story: Adventures
Mystery Case Files&reg;: Shadow Lake Collector's Edition
Mystery Chronicles: Betrayals of Love
Mystery Heritage: Sign of the Spirit Collector`s Edition
Mystery P.I. - The Lottery Ticket
Mystery P.I.™ - Lost in Los Angeles
Mystery P.I.™ - Stolen in San Francisco
Mystery P.I.™ - The Curious Case of Counterfeit Cove
Mystery P.I.™ - The London Caper
Mystery P.I.™ - The Lottery Ticket
Mystery P.I.™ - The New York Fortune
Mystery P.I.™ - The Vegas Heist
Mystery Valley (remove only)
Nanny Mania
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Netflix in Windows Media Center
New Yankee in King Arthur's Court
New Yankee in King Arthur's Court 2
Nitro Pro 8
Northern Tale
Norton Security Scan
Oceanis
OpenAL
Orchard
Outta This Kingdom
Paradise Beach
Paradise Beach 2: Around the World
Passport to Paradise
Path to Success
PDF Settings CS6
Pdf995
PDFCreator
PdfEdit995
PDFill PDF Editor with FREE Writer and FREE Tools
Petz Dogz 2
PhotoScape
PhotoShowExpress
Pioneer Lands
PlayReady PC Runtime x86
Pogo Games
Premium Service Agreement
QualxServ Service Agreement
Quickset64
QuickTime
Ranch Rush® 2 - Sara's Island Experiment
Ranch Rush™
Razer Game Booster
RBVirtualFolder64Inst
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Rhapsody
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Royal Detective: The Lord of Statues Collector's Edition
Royal Envoy 2
Royal Envoy 2 Collector's Edition
Royal Envoy Campaign for the Crown Collector's Edition
Rush for Gold: Alaska
Satisfashion™
Secret of the Past The Mother's Diary
Secrets of the Vatican: The Holy Lance - Extended Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Shadow Wolf Mysteries: Curse of the Full Moon Collector's Edition
Shadow Wolf Mysteries: Cursed Wedding
Sherlock Holmes and the Hound of the Baskervilles
Shop for HP Supplies
Shopping Blocks
Signature995
Ski Resort Mogul
SmartWebPrinting
Smile Desktop version 1.0.12.332
SmoothDraw 3.2.11
Snow Globe: Farm World
SolutionCenter
Sonic CinePlayer Decoder Pack
Spa Mania 2
Spirit Walkers: Curse of the Cypress Witch
Spirits of Mystery: Song of the Phoenix
Spooky Mall
Spotify
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
Status
Stone Age Cafe
Strongvault Online Backup
Summer Resort Mogul
Super Ranch
Super Text Twist®
Supermarket Mania
Sweet Kingdom: Enchanted Princess
swMSM
SyncUP
System Requirements Lab for Intel
The Beast of Lycan Isle Collector's Edition
The Curse of the Werewolves
The Extractor
The Golden Years: Way Out West
The Great Unknown: Houdini's Castle Collector's Edition
The Holy Bible KJV Ver.8
The Lake House: Children of Silence
The Lost Cases of Sherlock Holmes
The Lost Cases of Sherlock Holmes 2 (remove only)
The Promised Land
The Three Musketeers: D'Artagnan and the 12 Jewels - Extended Edition
The Weather Channel App
Toolbox
Tory's Shop 'n' Rush
TrayApp
Turbo Fiesta
TV Farm
TV Farm 2
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Installer for WildTangent Games App
uRex Free DVD Ripper
Vacation Mogul
Vampire Legends: The True Story of Kisilova Collector's Edition
Vampire Saga - Welcome To Hell Lock
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Viking Brothers
Viking Saga
VIO Player version 1.0.1
Virtual City
Virtual City 2: Paradise Resort
Virtual Families
Virtual Families 2
Virtual Families 2: Our Dream House
Virtual Farm
Virtual Farm 2
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.1
Vogue Tales
Wajam
WavePad Sound Editor
WBC Engine 2.0.0.429
Weather Lord
WebReg
Whispered Secrets: The Story of Tideville Collector's Edition
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Witch Hunters: Stolen Beauty Collector`s Edition
Witches' Legacy: The Charleston Curse
World's Greatest Temples Mahjong
Xvid Video Codec
Yahoo! Toolbar
Youda Sushi Chef
Zinio Reader 4
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8/1/2013 2:41:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Amazon Unbox Video Service service to connect.
8/1/2013 12:52:51 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
8/1/2013 12:48:31 PM, Error: Service Control Manager [7000] - The CleanMyPC Watcher service failed to start due to the following error: The system cannot find the file specified.
8/1/2013 12:46:31 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
8/1/2013 12:45:31 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
8/1/2013 12:44:12 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
8/1/2013 11:30:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVG PC TuneUp Service service to connect.
8/1/2013 11:30:19 AM, Error: Service Control Manager [7000] - The AVG PC TuneUp Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2013 9:30:41 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/25/2013 10:50:30 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
.
==== End Of File ===========================
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm
Advertisement
Register to Remove

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 1st, 2013, 1:27 pm

Here is the ckscanner.txt

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\games\pogo\royal detective the lord of statues collector's edition\assets\levels\level\rm_gh\p_crack_light_1.xml
c:\games\pogo\royal detective the lord of statues collector's edition\assets\levels\level\rm_gh\p_crack_light_2.xml
c:\games\pogo\royal detective the lord of statues collector's edition\assets\levels\level\rm_gh\p_crack_light_3.xml
c:\games\pogo\spirit walkers curse of the cypress witch\data\sounds\10_jetty_window_crack.ogg
c:\games\pogo\spirit walkers curse of the cypress witch\data\sounds\15_deck_plank_cracked.ogg
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\chimeras - tune of revenge collector's edition\assets\levels\level1\rm_narrow_street\zz_roadway_crack\anim\vid_stilet.ogg
c:\program files (x86)\chimeras - tune of revenge collector's edition\assets\levels\level1\rm_narrow_street\zz_roadway_crack\audio\ad_use_stylet.ogg
c:\program files (x86)\dark tales - edgar allan poe's the gold bug\data\sound\scenes\24_captains_cabin\24_open_crackerbox.ogg
c:\program files (x86)\grim tales - the stone queen\assets\levels\level1\rm_topalace\anims\pfx\pfx_palace_crack_rm.xml
c:\program files (x86)\grim tales - the stone queen\assets\levels\level1\rm_topalace\zz_palacecrack\aud_use_goblin.ogg
c:\program files (x86)\grim tales - the stone queen\assets\levels\level1\rm_topalace\zz_palacecrack\anims\anm_goblin.xml
c:\program files (x86)\grim tales - the stone queen\assets\levels\level1\rm_topalace\zz_palacecrack\anims\anm_goblin_t.xml
c:\program files (x86)\grim tales - the stone queen\assets\levels\level1\rm_topalace\zz_palacecrack\anims\pfx\pfx_palace_crack_zz.xml
c:\program files (x86)\grim tales - the stone queen\assets\levels\level1\rm_topalace\zz_palacecrack\anims\stone\anm_stone.xml
c:\program files (x86)\grim tales - the wishes\assets\levels\level1\rm_kitchen\zz_crackfloor\ad_usemagnet_sfx.ogg
c:\program files (x86)\grim tales - the wishes\assets\levels\level1\rm_kitchen\zz_crackfloor\anims\vd_magnet.ogg
c:\program files (x86)\grim tales - the wishes\assets\levels\level1\rm_kitchen\zz_crackfloor\anims\vd_magnet.zalpha
c:\program files (x86)\hero of the kingdom\ordinary\k3browncrack01.tpx
c:\program files (x86)\hero of the kingdom\ordinary\k3browncrack02.tpx
c:\program files (x86)\hero of the kingdom\ordinary\k3browncrack03.tpx
c:\program files (x86)\hero of the kingdom\ordinary\k3browncrack04.tpx
c:\program files (x86)\hero of the kingdom\ordinary\k3browncrack05.tpx
c:\program files (x86)\mystery case files - shadow lake collector's edition\assets\location\motelroom1\doorcrackvignette.swf
c:\program files (x86)\mystery case files - shadow lake collector's edition\assets\location\safecrackingpuzzle\safecrackingpuzzle.swf
c:\program files (x86)\mystery heritage - sign of the spirit collector's edition\load\sounds\loc_06_zoom2\woodcrack1.ogg
c:\program files (x86)\mystery heritage - sign of the spirit collector's edition\load\sounds\loc_06_zoom2\woodcrack2.ogg
c:\program files (x86)\mystery heritage - sign of the spirit collector's edition\load\sounds\loc_06_zoom2\woodcrack3.ogg
c:\program files (x86)\rush for gold - alaska\data\buildings\ice_crack\building_place\back.xml
c:\program files (x86)\rush for gold - alaska\data\buildings\ice_crack\building_process\back.xml
c:\program files (x86)\rush for gold - alaska\data\buildings\ice_crack\stay\back.xml
c:\program files (x86)\rush for gold - alaska\particles\action_cracking_1.emt
c:\program files (x86)\rush for gold - alaska\particles\action_cracking_2.emt
c:\program files (x86)\shockwave.com\delicious - emily's childhood memories\product\sound\fireworks\small_crack.ogg
c:\program files (x86)\shockwave.com\northern tale\product\data\snd\misc\icecrack.ogg
c:\program files (x86)\spirits of mystery - song of the phoenix\data\sound\scenes\23_throne_room\23_crackingglass.ogg
c:\program files (x86)\the great unknown - houdini's castle collector's edition\sounds\ambients\fire_crackling.ogg
c:\users\pier\documents\recipes\cracked black pepper salmon.docx
scanner sequence 3.ZZ.11.SGAPLG
----- EOF -----


I don't know what that program was supposed to do, so I don't know it there is any difference yet.
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby Gary R » August 1st, 2013, 4:33 pm

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby Gary R » August 1st, 2013, 4:40 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi pieronly

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next

If you haven't already done so reboot your computer.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Summary of the logs I need from you in your next post:
  • JRT.txt
  • AdwCleaner[s1].txt
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 2nd, 2013, 2:43 pm

Hi Gary,

I'm doing what you said about backing up now. I will get back with you when I'm done.
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 2nd, 2013, 3:54 pm

Okay Here we go!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Windows 7 Home Premium x64
Ran by Pier on Fri 08/02/2013 at 14:54:33.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabsearch
Successfully deleted: [Service] defaulttabsearch
Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate
Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater
Successfully stopped: [Service] APNMCP
Successfully deleted: [Service] APNMCP



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\propertysync.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\cr_installer
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-347407021-1085999394-1517728521-1001\software\web assistant"
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0003491.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0003491.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0003491.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0003491.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3272810
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A8DA0221-E6D9-4811-9E7C-30F2BB7D5841}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BE5F4320-65E8-4566-B384-466A72ADFDCE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\4zres.dll
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\windows\syswow64\authuitu.dll"
Successfully deleted: [File] "C:\windows\couponprinter.ocx"
Successfully deleted: [File] C:\windows\prefetch\APNSTUB.EXE-AA813B47.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\download and sa"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Pier\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Pier\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Pier\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Pier\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Pier\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Pier\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\shopping sidekick plugin"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\vid-saver"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\claro ltd"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\download and sa"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Users\Pier\appdata\locallow\tuvaro"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"
Successfully deleted: [Folder] "C:\Program Files (x86)\file scout"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\perion"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\vid-saver"
Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\wondershare"
Successfully deleted: [Folder] "C:\Users\Pier\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\windows\buzzsocialpointschecker"
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{0A56C1DC-02D3-419D-B7F0-22717F07A144}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{19F3BC50-4E48-4AA1-9D9F-A8AEF1D9FA72}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{1C8B3B16-B0D8-4CDC-BB5D-3B30FF43B323}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{1ECE3715-A452-454E-B32B-4D97B6062CD2}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{256210D8-EC33-45AA-B2D5-A770B19DC9F7}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{2C34A011-83C6-4444-8551-ECB88B45B696}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{5CCBDAE8-E818-4069-BB8B-7FFFAE20FD26}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{7108F797-3C3E-48F5-8572-F53F98BCC52E}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{BE2D55E4-D428-484E-A21A-FC03E66CAD3C}
Successfully deleted: [Empty Folder] C:\Users\Pier\appdata\local\{CFEA4C6A-0A8D-438A-A233-F5B2265FA72B}
Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Pier\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Folder] C:\Users\Pier\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Folder] C:\Users\Pier\appdata\local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/02/2013 at 15:00:49.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 2nd, 2013, 3:54 pm

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 15:07:27
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pier - CASEY
# Boot Mode : Normal
# Running from : C:\Users\Pier\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma
Deleted on reboot : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
File Deleted : C:\user.js
File Deleted : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa
Folder Deleted : C:\Users\Pier\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Pier\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma
Folder Deleted : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
Folder Deleted : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Pier\AppData\Local\PackageAware
Folder Deleted : C:\Users\Pier\AppData\Local\Temp\APN
Folder Deleted : C:\Users\Pier\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Pier\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\5c55da8cbc3ab845
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DownTango
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eghepdicbhhbhegihkllkmgjggcjpkma
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13459 octets] - [02/08/2013 15:07:27]

########## EOF - C:\AdwCleaner[S1].txt - [13520 octets] ##########
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 2nd, 2013, 3:55 pm

OTL logfile created on: 8/2/2013 3:18:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pier\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 60.06% Memory free
11.82 Gb Paging File | 9.49 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 110.93 Gb Free Space | 24.86% Space Free | Partition Type: NTFS
Drive D: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CASEY | User Name: Pier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/02 15:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pier\Desktop\OTL.exe
PRC - [2013/07/24 20:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/09 15:11:08 | 000,185,856 | ---- | M] () -- C:\Program Files\CoolPic - Fun Social Pictures\ExtensionUpdaterService.exe
PRC - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/04/30 08:50:46 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013/04/28 15:00:56 | 000,185,856 | ---- | M] () -- C:\Program Files\WBC Engine\ExtensionUpdaterService.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/13 14:26:25 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Pier\AppData\Local\Apps\2.0\45Z2HCQN.VB1\Q1T6Q6KP.P15\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 17:07:12 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Pier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/11/06 20:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 20:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/31 16:33:50 | 000,519,920 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/02 15:15:59 | 000,046,080 | ---- | M] () -- C:\Users\Pier\AppData\Local\Apps\2.0\45Z2HCQN.VB1\Q1T6Q6KP.P15\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\NativeOperations.dll
MOD - [2013/06/10 05:35:10 | 000,541,696 | ---- | M] () -- C:\Users\Pier\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\CoolPic -- (CoolPic - Fun Social Pictures Updater)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\CleanMyPC\CleanMyPCService.exe -- (CleanMyPCService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/30 08:50:36 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2013/04/28 15:00:56 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\WBC Engine\ExtensionUpdaterService.exe -- (WBC Engine Updater)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/05/27 15:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/17 10:55:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 12:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/30 08:50:46 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/06 20:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/31 16:33:50 | 000,519,920 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/23 12:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/11/23 22:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/05/20 12:16:10 | 000,146,592 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/05/20 12:15:20 | 000,080,032 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/02/01 14:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 14:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/29 18:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/01/22 09:52:08 | 000,075,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/08 09:53:14 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 04:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/09 17:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 15:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/20 12:15:34 | 000,282,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/05/20 12:15:34 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/05/20 12:15:34 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/05/20 12:15:34 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/05/20 12:15:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/05/20 12:15:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/05/20 12:15:32 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/04/21 21:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/31 23:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/25 22:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 05:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/11/13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012/07/04 16:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\SearchScopes\{2FDD3CE9-86BF-4F7C-A0A4-8C3A07D458AD}: "URL" = http://www.bing.com/search?FORM=DLCBDF&PC=MDDC&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\SearchScopes\{5E2BD81F-DDAC-4DFF-B3C7-3A9C1BAE1BFA}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20130105,16646,0,6,0
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Pier\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Pier\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Pier\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pier\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pier\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FEFE89E5-A43F-4f4b-8211-B11D91D02135}: C:\PROGRAM FILES\COOLPIC - FUN SOCIAL PICTURES\FIREFOX [2013/07/21 14:32:41 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}: C:\PROGRAM FILES\WBC ENGINE\FIREFOX [2013/07/21 14:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/13 23:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/28 16:11:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/12 15:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FEFE89E5-A43F-4f4b-8211-B11D91D02135}: C:\Program Files\CoolPic - Fun Social Pictures\Firefox [2013/07/21 14:32:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/12 15:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}: C:\Program Files\WBC Engine\Firefox [2013/07/21 14:33:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/13 23:59:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Users\Pier\AppData\Local\AddLyrics\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\module@com.arcadesafari.firefox: C:\Users\Pier\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox [2013/05/19 22:55:18 | 000,000,000 | ---D | M]

[2013/05/03 16:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pier\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2013/01/22 20:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Pier\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Pier\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Pier\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Enabled) = C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Ask Toolbar = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalgdemdkjjdmocimpleaenjebbbgl\15.40906_0\
CHR - Extension: Sudoku = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj\1.0.1.0_0\
CHR - Extension: Google Docs = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: TV = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: Satellite Finder = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbokbdbcdfnjhifdlincngoohncfada\1.6_0\
CHR - Extension: Pop Up Block Pro = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib\3.12_0\
CHR - Extension: YouTube = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: VUDU Movies = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\daomabnenlgkenegngdblacoobnncgib\2.0.0.2_0\
CHR - Extension: Rush Team = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb\1.0_0\
CHR - Extension: Solitaire Games = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo\1.0.0.3_0\
CHR - Extension: EasyBib Tools = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmffdimoneaieldiddcmajhbjijmnggi\0.5.0_0\
CHR - Extension: Cloud Reader = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Color Piano! = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\2.1.1.40_0\
CHR - Extension: Pocket Website = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap\1.0.2_0\
CHR - Extension: TV for Google Chrome\u2122 = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\2.1.1_0\
CHR - Extension: Poppit = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: USA Live TV = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmeaepdaebmaapbobonajamkacmecif\2.3_0\
CHR - Extension: CanIStream.It = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nefjaladmbgpekhpikihnnchgbdfojpk\4_0\
CHR - Extension: Mahjong Solitaire = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: My Chrome Theme = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Viewster - Watch Free Movies Online = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh\1.8_0\
CHR - Extension: Outlook.com = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\
CHR - Extension: Free Online TV = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\picldhpkcgmgfnmombladhakcganoghd\1.0.1_0\
CHR - Extension: Gmail = C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (WBC Engine) - {14DD0E04-D4F6-45d2-A958-F361FBD4F64F} - C:\Program Files\WBC Engine\Extension64.dll ()
O2:64bit: - BHO: (CoolPic - Fun Social Pictures) - {FEFE89E5-A43F-4f4b-8211-B11D91D02135} - C:\Program Files\CoolPic - Fun Social Pictures\Extension64.dll ()
O2 - BHO: (Download and Sa Class) - {00489C73-11E8-592F-2BE0-26F3B295EDC0} - C:\ProgramData\Download and Sa\50b682c1d7158.ocx File not found
O2 - BHO: (WBC Engine) - {14DD0E04-D4F6-45d2-A958-F361FBD4F64F} - C:\Program Files\WBC Engine\Extension32.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ask Toolbar) - {4153492D-4700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI-G\Passport.dll" File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (CoolPic - Fun Social Pictures) - {FEFE89E5-A43F-4f4b-8211-B11D91D02135} - C:\Program Files\CoolPic - Fun Social Pictures\Extension32.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {4153492D-4700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI-G\Passport.dll" File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {4153492D-4700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI-G\Passport.dll" File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SMessaging] C:\Users\Pier\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001..\Run: [086A4DCF811AE88EC0C344BC2F81B98B33AD05BD._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001..\Run: [Spotify Web Helper] C:\Users\Pier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\Pier\AppData\Local\Apps\2.0\45Z2HCQN.VB1\Q1T6Q6KP.P15\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O4 - Startup: C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.11.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{355EFCA5-C4FC-4EA1-A1B8-961679752C83}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{704A8E1D-32E8-43FD-B8FD-ECF54BB46EDA}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt /AM)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/02 15:15:41 | 000,000,000 | ---D | C] -- C:\Users\Pier\Desktop\clean folder
[2013/08/02 15:03:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pier\Desktop\OTL.exe
[2013/08/02 14:54:22 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/02 14:48:20 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/02 14:47:56 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/02 14:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/01 15:29:07 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 4
[2013/08/01 15:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farm Frenzy 4
[2013/08/01 15:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Farm Frenzy 4
[2013/07/28 15:42:51 | 000,193,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mci32.ocx
[2013/07/28 15:42:50 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\richtx32.ocx
[2013/07/28 15:42:50 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tabctl32.ocx
[2013/07/28 15:42:50 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\windows\SysWow64\THREED32.OCX
[2013/07/28 15:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Holy Bible
[2013/07/28 15:40:53 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VB5StKit.dll
[2013/07/28 15:40:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\ST5UNST.EXE
[2013/07/28 15:40:50 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVBVM50.dll
[2013/07/28 15:37:08 | 000,000,000 | ---D | C] -- C:\Users\Pier\Desktop\Bible study
[2013/07/28 15:36:59 | 000,000,000 | ---D | C] -- C:\Users\Pier\New folder
[2013/07/25 18:11:16 | 000,000,000 | ---D | C] -- C:\Users\Pier\Documents\Blio
[2013/07/25 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Blio
[2013/07/25 16:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2013/07/22 11:35:20 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/22 11:35:07 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/22 11:35:07 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/22 11:35:07 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/22 02:28:15 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\WeatherLord
[2013/07/22 02:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WeatherLord
[2013/07/21 23:54:06 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\HipSoft
[2013/07/21 23:50:34 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Green City 2
[2013/07/21 23:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Green City 2
[2013/07/21 23:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Green City 2
[2013/07/21 23:49:05 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build-a-Lot - Mysteries
[2013/07/21 23:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build-a-Lot - Mysteries
[2013/07/21 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Build-a-Lot - Mysteries
[2013/07/21 18:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Melesta
[2013/07/21 14:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\WBC Engine
[2013/07/21 14:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\CoolPic - Fun Social Pictures
[2013/07/20 15:17:45 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Local\DriverTuner
[2013/07/20 15:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2013/07/20 15:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[2013/07/20 14:21:46 | 000,000,000 | R--D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/07/19 16:46:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/19 16:45:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Pier\Desktop\dds.com
[2013/07/13 12:45:41 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blinkx beat
[2013/07/13 12:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blinkx
[2013/07/12 15:33:07 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\RealNetworks
[2013/07/12 15:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/07/12 15:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/07/12 15:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/07/12 15:31:18 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2013/07/12 15:30:52 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2013/07/12 15:30:51 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2013/07/12 15:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/07/12 15:30:49 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2013/07/11 03:18:55 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/11 03:18:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/11 03:18:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/11 03:18:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/11 03:18:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/11 03:18:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/11 03:18:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/11 03:18:53 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/11 03:18:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/11 03:18:53 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 03:18:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 03:18:52 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/11 03:18:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/11 03:18:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/11 03:18:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/11 02:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIO Player
[2013/07/11 02:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIO Player
[2013/07/11 02:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player
[2013/07/11 02:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Media Player
[2013/07/11 02:22:31 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\Pier\Desktop\FLVMPlayer.exe
[2013/07/11 01:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/07/11 01:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/11 01:17:41 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Local\emaze
[2013/07/11 00:32:05 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/11 00:32:04 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/11 00:32:02 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/11 00:32:02 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/11 00:24:03 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/07/08 21:34:10 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Green City
[2013/07/08 21:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Green City
[2013/07/08 20:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Green City
[2013/07/08 20:03:14 | 000,000,000 | ---D | C] -- C:\BigFishCache
[2013/07/08 13:54:14 | 000,000,000 | ---D | C] -- C:\Users\Pier\Desktop\Recieved Fax
[2013/07/04 18:05:07 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Rainbow
[2013/07/04 17:57:34 | 000,000,000 | ---D | C] -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rush for Gold - Alaska
[2013/07/04 17:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rush for Gold - Alaska
[2013/07/04 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rush for Gold - Alaska
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/02 15:21:45 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 15:21:45 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 15:15:07 | 000,003,069 | ---- | M] () -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2013/08/02 15:10:20 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/02 15:10:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/02 15:09:45 | 464,732,159 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 15:08:08 | 000,000,336 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/08/02 15:05:04 | 000,139,264 | ---- | M] () -- C:\Users\Pier\Desktop\SystemLook.exe
[2013/08/02 15:03:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pier\Desktop\OTL.exe
[2013/08/02 15:03:35 | 000,666,633 | ---- | M] () -- C:\Users\Pier\Desktop\adwcleaner.exe
[2013/08/02 14:57:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/02 14:53:47 | 000,000,458 | ---- | M] () -- C:\windows\tasks\Arcadesafari.job
[2013/08/02 14:50:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/02 14:49:10 | 000,000,207 | ---- | M] () -- C:\windows\tweaking.com-regbackup-CASEY-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/02 14:47:56 | 000,002,237 | ---- | M] () -- C:\Users\Pier\Desktop\Tweaking.com - Registry Backup.lnk
[2013/08/02 14:41:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-347407021-1085999394-1517728521-1001UA.job
[2013/08/02 14:35:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013/08/02 14:14:14 | 129,175,507 | ---- | M] () -- C:\Users\Pier\My Pictures.zip
[2013/08/02 02:11:00 | 000,000,400 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Pier.job
[2013/08/01 22:41:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-347407021-1085999394-1517728521-1001Core.job
[2013/08/01 16:47:55 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/01 16:47:55 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/01 16:47:55 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/01 15:30:16 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Play Farm Frenzy 4.lnk
[2013/08/01 15:30:16 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/08/01 13:07:27 | 000,459,264 | ---- | M] () -- C:\Users\Pier\Desktop\CKScanner.exe
[2013/07/31 21:08:51 | 000,035,915 | ---- | M] () -- C:\Users\Pier\Documents\grove.jpg
[2013/07/31 17:30:55 | 000,003,421 | ---- | M] () -- C:\Users\Pier\.recently-used.xbel
[2013/07/31 15:26:06 | 000,002,281 | ---- | M] () -- C:\Users\Pier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/31 15:26:05 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/28 21:34:05 | 000,001,264 | ---- | M] () -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/28 15:43:54 | 000,001,081 | ---- | M] () -- C:\Users\Pier\Desktop\The Holy Bible.LNK
[2013/07/26 16:41:24 | 000,001,074 | ---- | M] () -- C:\Users\Pier\Desktop\easybeadpatterns - Shortcut.lnk
[2013/07/24 18:51:55 | 000,062,704 | ---- | M] () -- C:\Users\Pier\Documents\swirly.ptnx
[2013/07/22 12:07:31 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/07/22 11:34:59 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/22 11:34:56 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/22 11:34:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/22 11:34:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/22 11:34:55 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/07/22 11:34:55 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/07/21 23:51:12 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Play Green City 2.lnk
[2013/07/21 14:33:58 | 000,000,258 | RHS- | M] () -- C:\Users\Pier\ntuser.pol
[2013/07/20 15:17:33 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2013/07/19 16:45:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Pier\Desktop\dds.com
[2013/07/19 14:51:04 | 000,007,602 | ---- | M] () -- C:\Users\Pier\AppData\Local\Resmon.ResmonCfg
[2013/07/17 10:55:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/07/17 10:55:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/13 12:45:41 | 000,001,564 | ---- | M] () -- C:\Users\Pier\Desktop\blinkx beat.lnk
[2013/07/12 15:32:15 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/12 15:31:18 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2013/07/12 15:30:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2013/07/12 15:30:51 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2013/07/12 15:30:49 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2013/07/11 04:07:54 | 000,002,257 | ---- | M] () -- C:\Users\Pier\Desktop\Google Chrome.lnk
[2013/07/11 04:06:02 | 005,018,848 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/11 02:29:07 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VIO Player.lnk
[2013/07/11 02:23:09 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/11 02:22:38 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\Pier\Desktop\FLVMPlayer.exe
[2013/07/11 01:53:57 | 000,181,831 | ---- | M] () -- C:\Users\Pier\Documents\Helprx.pdf
[2013/07/11 01:17:41 | 000,001,220 | ---- | M] () -- C:\Users\Pier\Desktop\Create Amazing Presentations.lnk
[2013/07/08 01:02:28 | 000,000,064 | ---- | M] () -- C:\windows\GPlrLanc.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/02 15:07:41 | 000,000,336 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/08/02 15:05:03 | 000,139,264 | ---- | C] () -- C:\Users\Pier\Desktop\SystemLook.exe
[2013/08/02 15:03:35 | 000,666,633 | ---- | C] () -- C:\Users\Pier\Desktop\adwcleaner.exe
[2013/08/02 14:49:10 | 000,000,207 | ---- | C] () -- C:\windows\tweaking.com-regbackup-CASEY-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/02 14:47:56 | 000,002,237 | ---- | C] () -- C:\Users\Pier\Desktop\Tweaking.com - Registry Backup.lnk
[2013/08/02 14:14:11 | 129,175,507 | ---- | C] () -- C:\Users\Pier\My Pictures.zip
[2013/08/01 15:30:16 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Play Farm Frenzy 4.lnk
[2013/08/01 15:30:16 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/08/01 13:07:27 | 000,459,264 | ---- | C] () -- C:\Users\Pier\Desktop\CKScanner.exe
[2013/07/31 21:08:51 | 000,035,915 | ---- | C] () -- C:\Users\Pier\Documents\grove.jpg
[2013/07/31 17:30:55 | 000,003,421 | ---- | C] () -- C:\Users\Pier\.recently-used.xbel
[2013/07/28 15:43:54 | 000,001,081 | ---- | C] () -- C:\Users\Pier\Desktop\The Holy Bible.LNK
[2013/07/28 15:43:15 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Holy Bible.LNK
[2013/07/26 16:41:24 | 000,001,074 | ---- | C] () -- C:\Users\Pier\Desktop\easybeadpatterns - Shortcut.lnk
[2013/07/24 16:50:01 | 000,062,704 | ---- | C] () -- C:\Users\Pier\Documents\swirly.ptnx
[2013/07/21 23:51:12 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\Play Green City 2.lnk
[2013/07/21 14:33:58 | 000,000,258 | RHS- | C] () -- C:\Users\Pier\ntuser.pol
[2013/07/20 15:17:33 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2013/07/19 14:51:04 | 000,007,602 | ---- | C] () -- C:\Users\Pier\AppData\Local\Resmon.ResmonCfg
[2013/07/13 12:45:41 | 000,001,564 | ---- | C] () -- C:\Users\Pier\Desktop\blinkx beat.lnk
[2013/07/12 15:32:15 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/07/11 02:29:07 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VIO Player.lnk
[2013/07/11 02:23:09 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/11 01:53:57 | 000,181,831 | ---- | C] () -- C:\Users\Pier\Documents\Helprx.pdf
[2013/07/11 01:23:50 | 000,002,281 | ---- | C] () -- C:\Users\Pier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/11 01:23:50 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 01:17:41 | 000,001,220 | ---- | C] () -- C:\Users\Pier\Desktop\Create Amazing Presentations.lnk
[2013/07/11 01:17:41 | 000,001,220 | ---- | C] () -- C:\Users\Pier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/05/16 10:42:26 | 000,000,036 | ---- | C] () -- C:\Users\Pier\.gtk-bookmarks
[2013/05/12 15:41:01 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2013/05/11 14:45:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/23 14:09:19 | 000,000,060 | ---- | C] () -- C:\windows\wpd99.drv
[2013/04/23 14:09:18 | 000,040,448 | ---- | C] () -- C:\windows\SysWow64\pdf995mon64.dll
[2013/04/20 08:11:08 | 000,010,313 | ---- | C] () -- C:\ProgramData\regid.2002-03.com.schoolhousetech_D0224F9C-EA21-4DFC-BF88-2799ED2826DB.swidtag
[2012/12/09 19:57:20 | 000,165,376 | ---- | C] () -- C:\windows\UNWISE.EXE
[2012/12/09 19:41:48 | 000,004,402 | ---- | C] () -- C:\Users\Pier\AppData\Roaming\KnittingWizardPrefs
[2012/12/04 06:18:54 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/12/04 06:18:54 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/12/01 18:09:46 | 000,870,128 | ---- | C] () -- C:\Users\Pier\AppData\Roaming\mcs.rma
[2012/12/01 18:09:46 | 000,000,004 | ---- | C] () -- C:\Users\Pier\AppData\Roaming\9F1459
[2012/11/30 15:27:38 | 000,179,344 | ---- | C] () -- C:\Program Files (x86)\4zres.dll
[2012/11/28 20:02:15 | 000,000,034 | -H-- | C] () -- C:\windows\SysWow64\Converter_sysquict.dat
[2012/11/28 17:24:35 | 000,010,240 | ---- | C] () -- C:\Users\Pier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/19 12:03:01 | 095,023,320 | ---- | C] () -- C:\ProgramData\0.pad
[2012/09/13 23:56:17 | 000,163,283 | ---- | C] () -- C:\windows\hphins15.dat
[2012/09/13 23:56:17 | 000,002,011 | ---- | C] () -- C:\windows\hphmdl15.dat
[2012/08/20 07:53:05 | 000,000,036 | -H-- | C] () -- C:\windows\SysWow64\f9t.dat
[2012/08/15 23:09:10 | 000,000,104 | -HS- | C] () -- C:\windows\WSYS049.SYS
[2012/06/07 16:20:39 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/06/07 16:20:39 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/06/07 16:20:39 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/06/07 13:58:01 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/02/26 08:02:17 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012/02/26 08:02:12 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012/02/26 08:02:12 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012/02/26 08:02:12 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012/02/26 08:02:12 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012/02/26 08:02:12 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012/02/26 08:02:12 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012/02/26 08:02:12 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012/02/26 06:54:12 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 13:59:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 13:59:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/05/23 20:21:32 | 000,000,000 | -HSD | M] -- C:\Users\Pier\AppData\Roaming\.#
[2013/01/22 14:49:51 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\.minecraft
[2013/05/01 19:27:27 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\A2 Entertainment
[2013/04/09 00:49:39 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\adelantado_2_shockwave_en
[2013/05/16 08:47:05 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Alawar
[2013/08/01 19:28:42 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\AlawarEntertainment
[2013/04/06 01:00:22 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\aliasworlds
[2012/11/10 07:15:54 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Amaranth Games
[2013/01/09 22:24:46 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Amazon
[2012/10/01 23:12:37 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Artifex Mundi
[2012/12/07 07:56:07 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Ashes of Immortality
[2013/04/27 10:42:59 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Atomv1001
[2012/11/30 00:54:45 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\AudioConverterPackages
[2012/12/03 18:19:49 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\AVG
[2012/11/27 13:15:55 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\AVG2013
[2013/07/03 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Be a King 2
[2013/07/22 19:54:55 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\BeadTool
[2013/01/15 22:06:57 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\BlamGames
[2013/05/01 19:37:26 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\blg
[2013/07/25 18:11:36 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Blio
[2012/09/24 23:46:42 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Blue Tea Games
[2013/04/12 15:36:17 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Boolat Games
[2013/02/06 07:51:48 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Boomzap
[2013/07/01 15:54:40 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Cache
[2012/12/31 03:39:57 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\casualArts
[2012/09/13 09:42:29 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\CasualForge
[2013/06/15 22:46:34 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\cerasus.media
[2012/08/08 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\cerasus.media GmbH
[2012/09/30 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\CleanMyPC
[2013/05/29 16:26:45 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/16 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\com.amazon.music.uploader
[2012/10/24 11:45:14 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Dekovir
[2012/11/28 15:46:48 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Digiarty
[2012/09/10 09:17:25 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\DivoGames
[2013/05/27 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Downloaded Installations
[2012/08/18 23:41:00 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\EleFun Games
[2013/02/16 17:58:27 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Elephant Games
[2013/04/02 20:14:59 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\ERS Game Studios
[2013/04/26 20:04:50 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Farm 2
[2012/09/19 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Farm Mania
[2013/01/02 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Farm Mania 2
[2013/01/06 00:11:05 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Farm Mania 2.1
[2013/03/30 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\FarmFables
[2013/05/27 16:38:40 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\FileOpen
[2012/08/03 15:35:07 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Fingertapps
[2013/05/04 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\FirstColony
[2013/02/02 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\freshgames
[2012/09/07 22:10:44 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Friday's games
[2012/10/17 20:46:04 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Frogwares
[2012/11/28 23:34:39 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Full
[2013/05/04 10:34:39 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Game
[2012/09/19 09:19:52 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\GameInvest
[2013/06/01 01:12:21 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Gamelab
[2012/10/21 22:48:17 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\GameMill Entertainment
[2012/11/28 23:18:47 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\GetRightToGo
[2013/07/31 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\gtk-2.0
[2012/10/03 07:14:25 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Happy Artist Studio
[2012/10/19 23:36:33 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Happy Chef
[2013/05/05 18:25:38 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Happyville__
[2012/10/23 00:49:32 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\HdO Adventure
[2013/04/02 21:52:47 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Hidden Objects 3Musketeers
[2012/08/11 21:24:19 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Hidden Objects Expert
[2013/03/27 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Hidden Objects JekyllAndHyde
[2012/08/10 00:29:54 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Hidden Objects Vatican
[2013/07/21 23:54:06 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\HipSoft
[2012/08/28 15:39:24 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Home Sweet Home 2
[2013/01/23 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\HoolappForAndroid
[2013/02/04 19:12:24 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Hot Farm Africa
[2012/08/22 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\IDT
[2012/09/26 01:34:47 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Inertia Game Studios
[2012/09/14 18:03:46 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\InImages
[2013/01/14 18:45:03 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Islands
[2012/09/15 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Jane s Hotel
[2012/09/13 08:00:42 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Jane s Hotel 3
[2012/10/09 00:11:24 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Jigsaws Galore
[2012/12/26 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Jumb-O-Fun Games
[2012/08/16 03:14:49 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\kingdom
[2012/08/03 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Leadertech
[2012/11/28 23:20:08 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Leawo
[2012/10/22 05:29:29 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\LegacyInteractive
[2013/04/24 07:23:20 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Liam games
[2013/04/26 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Lonely Troops
[2013/02/14 00:06:54 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Melesta
[2013/05/13 18:17:13 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\MemoryClinic
[2013/07/08 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Meridian93
[2012/10/14 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\MumboJumbo
[2013/06/25 21:36:36 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\NevoSoft
[2013/03/20 19:21:08 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Nitreal Games
[2013/06/25 18:18:10 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Nitro
[2013/08/02 15:14:41 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Nitro PDF
[2013/01/14 10:23:37 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\northerntale_shockwave_en
[2013/03/07 08:28:41 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Oberon Games
[2012/10/17 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\PathToSuccess
[2012/08/04 13:02:18 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\PCDr
[2012/12/09 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\PCStitch 10
[2013/05/29 18:06:40 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\PDAppFlex
[2013/04/24 12:33:42 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\pdf995
[2013/01/14 08:11:58 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Peace Craft
[2013/02/27 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\PhotoScape
[2013/05/13 15:27:48 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\PlayFirst
[2013/01/05 03:37:11 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\playmink
[2013/03/07 20:43:20 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Playrix Entertainment
[2012/10/11 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Pogo
[2012/11/30 01:47:42 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Power Sound Editor Free
[2013/07/04 18:05:07 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Rainbow
[2013/04/26 19:40:14 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Royal Settlement 1450
[2013/04/12 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Rumbic Studio
[2013/05/27 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Schoolhouse Technologies
[2013/05/22 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Shockwave
[2012/08/28 14:14:24 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Shockwave Janes Realty2
[2012/08/28 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\ShockWave_JanesRealty
[2013/04/01 10:25:43 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Silverback Games
[2012/08/16 21:07:38 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\SoftGrid Client
[2012/12/07 20:50:13 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Spotify
[2013/06/25 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/20 08:27:37 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Stamps.com Internet Postage
[2012/10/03 00:28:47 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\SulusGames
[2013/04/22 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\T1 Games
[2012/11/27 00:24:21 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\TestApp
[2013/01/05 19:42:37 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\The Curse of the Werewolves
[2012/10/23 00:26:32 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Tibo Software
[2012/11/28 23:21:05 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\tiger-k
[2012/08/21 00:00:57 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Top Evidence
[2012/08/16 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\TP
[2013/05/05 02:13:22 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\TreeCardGames
[2012/11/27 13:14:35 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\TuneUp Software
[2012/08/12 22:50:58 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\URSE Games
[2013/08/01 13:00:44 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\uTorrent
[2012/09/19 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Valusoft
[2012/08/31 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\VC 2 Paradise Resort
[2013/06/08 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\viking_saga_shockwave_en
[2012/08/07 19:52:33 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Virtual City
[2013/05/22 16:16:26 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\Visan
[2013/07/22 02:28:15 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\WeatherLord
[2012/08/04 03:04:36 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\WildTangent
[2013/04/19 20:50:51 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\YoudaGames
[2012/11/17 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Pier\AppData\Roaming\ZinioReader4

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:F7F6E6CB
@Alternate Data Stream - 259 bytes -> C:\ProgramData\Temp:3E8A3E87
@Alternate Data Stream - 256 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:6ECE93A8
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:997DA6D7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:B5FD4AA1
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:8B3C3098
@Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:640DDEFF
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:EFECABA9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:E0848D16
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:96838F8A
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:D621CFB8
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:09629F6E
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:A6F30843
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:A26AFC00
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:F72306CC
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:19C541B5
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:31C9BA96
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:6DDFD746
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:54531C7D
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:08DB8D99
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:90C320E1
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:9547F1DB
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:A4E7D25F
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:5335CE76
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:554C6431
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:097FF903
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB959782
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AD5E6155
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:C82CA1C0
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:395F6776
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F7F4DC88
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:744022A1
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:B2D32F1D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:ED6B6C83
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EAEE7554
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:928DF32E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B392E17F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F3A185AE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:AD179392
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:43F5FA9D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:32289BE8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1E288DA3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:14B2E0BD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EF258AD5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B5810C71
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:AC9F291E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:57173DB4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:8318A814
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:FA09FC72
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C3AD9507
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:8DA5A13A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:49EB69E2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E346F5B1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:432EC713
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A4F0E644
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:12A012A1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A900C3A3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:04BC9A2C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EECF83D1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:1B9E79B3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EF0D9BBA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:07C99568
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F7370879
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:6BF0805F

< End of report >
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 2nd, 2013, 3:56 pm

OTL Extras logfile created on: 8/2/2013 3:18:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pier\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 60.06% Memory free
11.82 Gb Paging File | 9.49 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 110.93 Gb Free Space | 24.86% Space Free | Partition Type: NTFS
Drive D: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CASEY | User Name: Pier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BFCD07-1372-464E-A0C2-7E31471C8F31}" = lport=445 | protocol=6 | dir=in | app=system |
"{0CBC7333-1776-4CC0-8455-AE09DA895AC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F8FC1A3-1EC2-4F3E-9DC0-85353E42ED00}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{199B1763-8F3B-4C4F-B6C9-CD77E3AD6607}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19B97EE8-B6EF-4151-98D7-10E5BA6D07F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22C4CE2E-EC81-40FF-9B48-F32CEFF7DD0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25D84A8A-5710-4180-BEB9-0E4B75C49B98}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{29E12A20-14B1-4DC4-8922-AEC366E19BE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BD13E27-6890-4099-8937-5FA4539833FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E71D248-BDE5-4F43-80AC-005147628BF8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{302B1E82-8FC5-4D62-A64A-41B4F3B7C694}" = rport=445 | protocol=6 | dir=out | app=system |
"{362C3455-02E9-4BAB-8FEC-3444FEA60244}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C5438A9-EF99-4913-BF95-1123ADAF50E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3C59BF4E-26F1-4726-B3E3-6D81DEC2E91F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42D4F457-FDC8-4CFE-9E25-9DCFB55B94A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{483B83C0-5A71-461B-B547-0C69D8ABE506}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{536E984A-54CC-4BEB-BE81-ADDB51DB8156}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{57352A98-E8A5-487E-ABDE-C7CB5133522C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{649F6D61-E4E8-4894-9A84-15DAFD913155}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{668F4B67-CB33-4D50-93DF-70F334AF05F6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A823400-FC6E-4D6D-99F2-02CE4EBE611A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B89F81D-7EF0-4A93-8834-A2160BC2D87B}" = lport=137 | protocol=17 | dir=in | app=system |
"{70D1F52E-66FC-45B0-AAEF-1881462747FB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{739231E4-C5E3-4DBE-84AF-AB427ADFED73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{841B10E8-39EA-447D-AD27-69C9EA857FF4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89C70B2A-9F5B-4048-AFBC-A55E91DB6EE0}" = rport=138 | protocol=17 | dir=out | app=system |
"{8AF1DC0B-FBED-44ED-B342-545E6C3A3CBE}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CB9EC6F-1AFC-4A59-ACF0-B13D845641CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{985F31E9-A2F8-4C11-8A47-FD2B3B784CB4}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{A9ECA9DE-EC4F-472F-971C-57A15176B54C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AF68539B-FF15-4D90-A0A3-F0B57B674163}" = rport=139 | protocol=6 | dir=out | app=system |
"{B06A6D3A-33E0-4096-9376-98480E75A902}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7B39947-4028-44E5-8BA5-DDDDB1B15F57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C8662D77-7B77-4969-9938-FD17C8FBA879}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D913B710-7CF0-471B-A585-A44A975052D8}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{D9CAA0CD-2C02-4428-8BAB-80E7E17FE7E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{F95EA625-D232-47BD-8633-99B88FE5F511}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004C8570-8A59-4C32-AE7B-9AC979D1A7EA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{00BC5A6E-70E9-4E61-A9E9-405A998982BA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{09E053F0-89C2-423B-A5F7-7F14D5806B4C}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{0CEAE0E8-1E54-4410-8270-8137DC85A753}" = protocol=6 | dir=out | app=system |
"{0E640B05-89D2-4958-B9A4-F0BEDA805B49}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{0E81E862-9AE5-4E56-BEB2-2DE9C096ADC1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{12D263BF-A37E-439A-9581-E72590F092A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1420007A-BB27-4EC3-994D-9EDE42FDDED9}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{1BB9EB7A-7BAD-410E-816B-CF5F0F566562}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BFFCF7C-49F2-481B-B040-7848E1016DE7}" = protocol=17 | dir=in | app=c:\users\pier\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1D0DD7D9-CCB6-461B-B1AB-C2A0E53809B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{22EC472A-4F4E-4577-99CA-D25AFA008BB5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2929ABE2-0AF0-4C61-8475-09E71A24DB62}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |
"{2B17EFDF-EA48-4E57-BB74-DFEEE0115712}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{2BC9655A-18F0-435A-9178-BD7BEEDFEDF8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2C647004-F8AD-4BEC-BF38-F5082C63B18C}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{2EEDAB43-6906-4962-A84E-2FC8B8E9556D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{350979B9-D83B-41CB-9734-8F2ED7625C6F}" = protocol=6 | dir=in | app=c:\users\pier\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3801CE67-B83A-4FFE-854D-F6AEB57DFE63}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3C7A96ED-A50F-4CB7-93EB-A649615268E7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4168DBAB-5071-4DC0-91E3-9448E88DBECD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43A2411B-8D40-44BD-A7E6-0B9BE52A7528}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{45A41397-54E6-4A8A-8B78-640C16471C0F}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe |
"{4929E39A-305F-4D8E-BA8B-FB2E16FE6355}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{549E94AC-0491-4B1A-915F-50B4E411AA61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55058FB3-D7C8-42D2-A8AF-DA267AA29799}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6504C24C-12BE-4D2B-B03C-DA4980130500}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{711941C9-0550-4285-8E25-ED268EEAF7A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7615F563-059E-40AA-B201-8D016FC406A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{7A128EEA-6723-4056-A9CD-209E41A8D5C2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{87378ACA-FD0E-41B2-BA6E-B90835A1DA69}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8BC22A4F-9CA4-407D-8506-2D0231495143}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{8C202E43-9E47-4EED-AA1F-917CF9E17986}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{8F0E218A-DDC7-47CF-8093-DA423050C653}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{930461F4-7A62-4818-91E8-D5DB3B3402C5}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{934158ED-B0F6-4487-A686-C8AD5CBABE85}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{9387160C-E8A9-43F9-AEFE-2E75AE9A8309}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{9494262F-3FCD-4EBF-92F7-9FA0B4304851}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{985F71A5-14C3-4A77-BBC5-3D490265E334}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{9C39E19A-F4A5-4862-A6FA-8769FEFF4EA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9F671973-C6BB-45CC-867F-166F03D23DF4}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe |
"{A8F0E6D4-6202-4F0F-B526-DF73C3AFAF10}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{AA893BE1-6AEF-4D48-A815-8FDF960E5AF9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AB834D1E-3C40-4FB3-82C6-8423F86ED6FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AD704A84-6B99-43F6-B2EA-4E2EA09DC3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B1504041-050C-4731-918B-C809E298C20F}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |
"{B17F51F4-3541-455F-8BA2-BDFD4E3CB5A2}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B5771807-391D-4B7E-A9CC-810E29108EE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B63C0E32-4276-4348-888E-17955B50B03E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B81C47E8-63B8-4E59-9A9B-E10E151C83E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{BDA881D2-3F6D-4DA5-A7E6-78484A73CB37}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{BE4E2499-8F42-45FA-BED1-8CFAC25E43B9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{C1D36C03-5534-46D9-B625-CD30B2A62D25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C91701AE-F6CF-4122-8375-EE55C43CC8DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF32A0F1-63F5-4C2F-891A-E1F8D28C9CD6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1D2581D-6144-4BD2-AA95-E4C10DA3A14D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D396EF6A-73C0-4598-8FE5-0C156318ACF0}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe |
"{D71EF129-CE4C-4D43-91B0-E163D53DD99F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D939235D-13AD-4BB8-8973-857DBF31F1E8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9CC5B40-DFC7-4738-A979-45BA1BC7E37F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{D9CD2807-67D6-4945-981E-8F034D08EBA9}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{DBC50E75-9104-4528-B8E7-01D3B4D63299}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7373B68-DDFF-42A3-ABC1-4FA9D8BA82AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{E92F302A-68A3-4F74-AFC6-5A04A3518B0A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{F55CFDA3-686D-4C49-8E78-4227EA47E70B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5CEC72A-858C-4AD8-8E62-4D3B56A68E55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F725AE2B-4B4E-4C51-86FB-B045214E685D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{4D373512-F9AB-433B-81FC-6ABE1A80166B}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"TCP Query User{B5731412-1CF2-4649-BB91-69BEA9EEEA25}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{3246BB48-5EBE-42EB-BAA4-A98D8E2C6696}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{C40A9ECA-2E82-461E-B142-B15CF0DA2297}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}_is1" = WBC Engine 2.0.0.429
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FE32237-FC1F-4E8B-A385-5A748C8E6FDA}" = Nitro Pro 8
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{293CC68A-32BA-4BA4-84BD-0DCF6583566F}" = HP Deskjet 2510 series Basic Device Software
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}" = HP Deskjet Printer Driver Software 13.0 Rel. 1
"{4B3264AA-951A-4A6B-B837-125224261F12}" = HP Deskjet 2510 series Product Improvement Study
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57B82DB4-8A01-4F7B-987C-9A46CEC4303A}" = AVG 2013
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FEFE89E5-A43F-4f4b-8211-B11D91D02135}_is1" = CoolPic - Fun Social Pictures 2.0.0.429
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PC-Doctor for Windows" = My Dell
"Shop for HP Supplies" = Shop for HP Supplies
"WinGimp-2.0_is1" = GIMP 2.6.6
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0181AC3F-9B88-940C-2016-C17D2185E413}" = Amazon Music Importer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1" = FLV Media Player version 1.3
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1264A9B3-10D3-45B1-A896-9D036F503894}" = Math Resource Studio
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{14F94B3D-3136-469F-BB40-B0A65B2C86F2}" = D1400
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181E1175-1FF8-4EA5-BC08-A7CA39B85502}_is1" = Free MIDI to MP3 Converter 1.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide
"{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}" = Dell Stage Remote
"{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}" = HP Deskjet 2510 series Help
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{32900D49-F43B-40D1-9461-0213923934AC}" = Cookbook
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{4153492D-4700-A76A-76A7-A758B70B0A00}" = Ask Toolbar
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{5E8E67B8-CEF8-445D-BFDF-620077C2584E}_is1" = Free Video Player version 1.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{70E4E07C-4C81-4B19-9D49-37AEB65E3A6B}_is1" = Smile Desktop version 1.0.12.332
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{946E9741-5FAE-4011-9019-BC1FAF3FE99D}" = Math Resource Studio 5
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A3FBF944-11B9-4DA6-AA48-65F2DD548EE9}" = dj_sf_ProductContext
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{bcb1ff51-51a4-4048-b534-3a9b3aa4acce}" = Graboid Video 3.58 Setup
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E68B0A8D-5FD5-4689-A5B6-155C01026BAC}" = dj_sf_software_req
"{E9618350-E3C0-450b-828A-33EB3F5A941A}" = Jigs@w Puzzle 2
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC0AEEE8-3D70-4792-B4D1-1BFBC7D8BEEB}" = dj_sf_software
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"100 Percent Hidden Objects" = 100 Percent Hidden Objects
"123 Free Solitaire_is1" = 123 Free Solitaire v9.0
"7-zip" = 7-zip v9.20
"A Gnome's Home: The Great Crystal Crusade" = A Gnome's Home: The Great Crystal Crusade
"A Vampire Romance: Extended Edition" = A Vampire Romance: Extended Edition (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Ashes of Immortality" = Ashes of Immortality
"AudibleDownloadManager" = Audible Download Manager
"AVG PC TuneUp" = AVG PC TuneUp
"Aztec Tribe: New Land" = Aztec Tribe: New Land
"Barn Yarn" = Barn Yarn
"Be Rich!" = Be Rich!
"BeadTool 4_is1" = BeadTool 4.5.22
"BFG-9 - The Dark Side Of Notre Dame Collector's Edition" = 9: The Dark Side Of Notre Dame Collector's Edition
"BFG-Age of Adventure - Playing the Hero" = Age of Adventure: Playing the Hero
"BFG-Alice Greenfingers" = Alice Greenfingers
"BFG-Angelica Weaver - Catch Me When You Can Collector’s Edition" = Angelica Weaver: Catch Me When You Can Collector’s Edition
"BFG-Be Richer" = Be Richer
"BFG-Be Richest!" = Be Richest!
"BFG-Big Bang West" = Big Bang West
"BFG-Boutique Boulevard" = Boutique Boulevard
"BFG-Build-a-Lot - Mysteries" = Build-a-Lot: Mysteries
"BFGC" = Big Fish: Game Manager
"BFG-Cake Mania 2" = Cake Mania 2
"BFG-Chimeras - Tune of Revenge Collector's Edition" = Chimeras: Tune of Revenge Collector's Edition
"BFG-Curse at Twilight - Thief of Souls" = Curse at Twilight: Thief of Souls
"BFG-Curse at Twilight - Thief of Souls Collector's Edition" = Curse at Twilight: Thief of Souls Collector's Edition
"BFG-Dark Parables - The Red Riding Hood Sisters Collector's Edition" = Dark Parables: The Red Riding Hood Sisters Collector's Edition
"BFG-Dark Tales - Edgar Allan Poe's The Gold Bug" = Dark Tales: Edgar Allan Poe's The Gold Bug
"BFG-Dracula - Love Kills" = Dracula: Love Kills
"BFG-Druid Kingdom" = Druid Kingdom
"BFG-Farm 2" = Farm 2
"BFG-Farm Fables" = Farm Fables
"BFG-Farm Frenzy 4" = Farm Frenzy 4
"BFG-Farm Mania - Hot Vacation" = Farm Mania: Hot Vacation
"BFG-Farmington Tales" = Farmington Tales
"BFG-Gothic Fiction - Dark Saga" = Gothic Fiction: Dark Saga
"BFG-Green City" = Green City
"BFG-Green City 2" = Green City 2
"BFG-Grim Tales - The Stone Queen" = Grim Tales: The Stone Queen
"BFG-Grim Tales - The Wishes" = Grim Tales: The Wishes
"BFG-Haunted Domains" = Haunted Domains
"BFG-Haunted Halls - Fears from Childhood Collector's Edition" = Haunted Halls: Fears from Childhood Collector's Edition
"BFG-Haunted Halls - Revenge of Doctor Blackmore Collector's Edition" = Haunted Halls: Revenge of Doctor Blackmore Collector's Edition
"BFG-Hero of the Kingdom" = Hero of the Kingdom
"BFG-Hidden Mysteries - Salem Secrets" = Hidden Mysteries&reg;: Salem Secrets
"BFG-Jigsaws Galore" = Jigsaws Galore
"BFG-Kingdom Chronicles Collector's Edition" = Kingdom Chronicles Collector's Edition
"BFG-Margrave - The Blacksmith's Daughter Collector's Edition" = Margrave: The Blacksmith's Daughter Collector's Edition
"BFG-Midnight Mysteries - Haunted Houdini Deluxe" = Midnight Mysteries: Haunted Houdini Deluxe
"BFG-Moai - Build Your Dream" = Moai: Build Your Dream
"BFG-Mystery Case Files - Shadow Lake Collector's Edition" = Mystery Case Files&reg;: Shadow Lake Collector's Edition
"BFG-Mystery Chronicles - Betrayals of Love" = Mystery Chronicles: Betrayals of Love
"BFG-Mystery Heritage - Sign of the Spirit Collector's Edition" = Mystery Heritage: Sign of the Spirit Collector`s Edition
"BFG-Orchard" = Orchard
"BFG-Rush for Gold - Alaska" = Rush for Gold: Alaska
"BFG-Shadow Wolf Mysteries - Curse of the Full Moon Collector's Edition" = Shadow Wolf Mysteries: Curse of the Full Moon Collector's Edition
"BFG-Shadow Wolf Mysteries - Cursed Wedding" = Shadow Wolf Mysteries: Cursed Wedding
"BFG-Spa Mania 2" = Spa Mania 2
"BFG-Spirits of Mystery - Song of the Phoenix" = Spirits of Mystery: Song of the Phoenix
"BFG-The Great Unknown - Houdini's Castle Collector's Edition" = The Great Unknown: Houdini's Castle Collector's Edition
"BFG-TV Farm 2" = TV Farm 2
"BFG-Vampire Legends - The True Story of Kisilova Collectors Edition" = Vampire Legends: The True Story of Kisilova Collector's Edition
"BFG-Vampire Saga - Welcome To Hell Lock" = Vampire Saga - Welcome To Hell Lock
"BFG-Viking Brothers" = Viking Brothers
"BFG-Virtual Families 2 - Our Dream House" = Virtual Families 2: Our Dream House
"BFG-Whispered Secrets - The Story of Tideville Collector's Edition" = Whispered Secrets: The Story of Tideville Collector's Edition
"BFG-Witch Hunters - Stolen Beauty Collector's Edition" = Witch Hunters: Stolen Beauty Collector`s Edition
"BFG-Witches' Legacy - The Charleston Curse" = Witches' Legacy: The Charleston Curse
"Build-a-lot" = Build-a-lot
"Burger Bustle: Ellie's Organics" = Burger Bustle: Ellie's Organics
"Cake Mania" = Cake Mania
"Cake Mania® 2" = Cake Mania® 2
"Cake Mania® 3" = Cake Mania® 3
"Christmas Wonderland 3" = Christmas Wonderland 3
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.amazon.music.uploader" = Amazon Music Importer
"Cooking Academy" = Cooking Academy
"Cooking Academy 2: World Cuisine" = Cooking Academy 2: World Cuisine
"Cooking Academy 3" = Cooking Academy 3
"Cooking Dash™" = Cooking Dash™
"Coupon Printer for Windows5.0.0.3" = Coupon Printer for Windows
"Create A Mall" = Create A Mall
"Criminal Stories: Presumed Partners" = Criminal Stories: Presumed Partners
"Curse at Twilight: Thief of Souls Extended Edition" = Curse at Twilight: Thief of Souls Extended Edition
"Dark Mysteries - The Soul Keeper" = Dark Mysteries - The Soul Keeper
"Delicious - Emily's Childhood Memories" = Delicious - Emily's Childhood Memories
"Delicious - Emily's Tea Garden" = Delicious - Emily's Tea Garden
"Delicious - Emily's True Love" = Delicious - Emily's True Love
"Delicious - Emily's Wonder Wedding" = Delicious - Emily's Wonder Wedding
"Delicious 2 Deluxe" = Delicious 2 Deluxe
"Delicious: Emily's Holiday Season" = Delicious: Emily's Holiday Season
"Delicious: Emily's Taste of Fame" = Delicious: Emily's Taste of Fame
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Dr. Jekyll and Mr. Hyde: The Strange Case - Extended Edition" = Dr. Jekyll and Mr. Hyde: The Strange Case - Extended Edition
"Dragon Crossroads" = Dragon Crossroads
"Dream Builder: Amusement Park" = Dream Builder: Amusement Park
"exent_614150" = The Lost Cases of Sherlock Holmes
"ExpressZip" = Express Zip
"Eye for Design™" = Eye for Design™
"Farm Craft" = Farm Craft
"Farm Fables" = Farm Fables
"Farm Frenzy" = Farm Frenzy
"Farm Frenzy 2" = Farm Frenzy 2
"Farm Frenzy 3" = Farm Frenzy 3
"Farm Frenzy 3: American Pie" = Farm Frenzy 3: American Pie
"Farm Frenzy 3: Ice Age" = Farm Frenzy 3: Ice Age
"Farm Frenzy 3: Madagascar" = Farm Frenzy 3: Madagascar
"Farm Frenzy 3: Russian Roulette" = Farm Frenzy 3: Russian Roulette
"Farm Frenzy: Ancient Rome" = Farm Frenzy: Ancient Rome
"Farm Frenzy: Pizza Party" = Farm Frenzy: Pizza Party
"Farm Mania" = Farm Mania
"Farm Mania 2" = Farm Mania 2
"Farmers Market" = Farmers Market
"Farmer's Market" = Farmer's Market (remove only)
"Fashion Forward" = Fashion Forward
"Fashion Solitaire" = Fashion Solitaire
"Flip That House Cashflow Trainer" = Flip That House Cashflow Trainer 1.31
"F-Manager" = Fiesta Download Manager
"Gardens Inc. - From Rakes to Riches" = Gardens Inc. - From Rakes to Riches
"Gardenscapes 2" = Gardenscapes 2
"Gardenscapes: Mansion Makeover" = Gardenscapes: Mansion Makeover
"Gardenscapes: Mansion Makeover" = Gardenscapes: Mansion Makeover
"Gardenscapes™" = Gardenscapes™
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 3.58
"Gray Matter" = Gray Matter 1.0
"Hidden Magic" = Hidden Magic (remove only)
"Home Sweet Home 2: Kitchens and Baths" = Home Sweet Home 2: Kitchens and Baths
"Hospital Hustle" = Hospital Hustle
"Hot Dish" = Hot Dish
"Hotel Mogul" = Hotel Mogul
"Hotel Mogul: Las Vegas" = Hotel Mogul: Las Vegas
"House of 1000 Doors: The Palm of Zoroaster" = House of 1000 Doors: The Palm of Zoroaster
"HP Photo Creations" = HP Photo Creations
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Jane's Hotel" = Jane's Hotel
"Jane's Hotel Family Hero" = Jane's Hotel Family Hero
"Jane's Hotel Mania" = Jane's Hotel Mania
"Jane's Realty" = Jane's Realty
"Jane's Realty 2" = Jane's Realty 2
"Jigsaw Boom!" = Jigsaw Boom!
"Jigsaw Puzzle Player" = Jigsaw Puzzle Player
"Jigsaw Puzzles - Parks of the World" = Jigsaw Puzzles - Parks of the World
"Jojo's Fashion Show 2: Las Cruces" = Jojo's Fashion Show 2: Las Cruces
"Jojo's Fashion Show World Tour" = Jojo's Fashion Show World Tour
"Jojo's Fashion Show™" = Jojo's Fashion Show™
"Life Quest™" = Life Quest™
"Mahjong Mysteries - Ancient Athena" = Mahjong Mysteries - Ancient Athena
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Minecraft_is1" = Minecraft version 1.4.6
"MONOPOLY City" = MONOPOLY City (remove only)
"Mr. Puzzle" = Mr. Puzzle
"My Farm Life" = My Farm Life
"My Farm Life 2" = My Farm Life 2
"My Kingdom for the Princess" = My Kingdom for the Princess
"My Life Story: Adventures" = My Life Story: Adventures
"Mystery P.I.™ - Lost in Los Angeles" = Mystery P.I.™ - Lost in Los Angeles
"Mystery P.I.™ - Stolen in San Francisco" = Mystery P.I.™ - Stolen in San Francisco
"Mystery P.I.™ - The Curious Case of Counterfeit Cove" = Mystery P.I.™ - The Curious Case of Counterfeit Cove
"Mystery P.I.™ - The London Caper" = Mystery P.I.™ - The London Caper
"Mystery P.I.™ - The Lottery Ticket" = Mystery P.I.™ - The Lottery Ticket
"Mystery P.I.™ - The New York Fortune" = Mystery P.I.™ - The New York Fortune
"Mystery P.I.™ - The Vegas Heist" = Mystery P.I.™ - The Vegas Heist
"Mystery Valley" = Mystery Valley (remove only)
"Nanny Mania" = Nanny Mania
"New Yankee in King Arthur's Court" = New Yankee in King Arthur's Court
"New Yankee in King Arthur's Court 2" = New Yankee in King Arthur's Court 2
"Northern Tale" = Northern Tale
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"Paradise Beach" = Paradise Beach
"Paradise Beach 2: Around the World" = Paradise Beach 2: Around the World
"Passport to Paradise" = Passport to Paradise
"Path to Success" = Path to Success
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PhotoScape" = PhotoScape
"Pioneer Lands" = Pioneer Lands
"PogoDGC" = Pogo Games
"Ranch Rush® 2 - Sara's Island Experiment" = Ranch Rush® 2 - Sara's Island Experiment
"Ranch Rush™" = Ranch Rush™
"RealPlayer 16.0" = RealPlayer
"Rhapsody" = Rhapsody
"Royal Detective: The Lord of Statues Collector's Edition" = Royal Detective: The Lord of Statues Collector's Edition
"Royal Envoy 2" = Royal Envoy 2
"Royal Envoy Campaign for the Crown Collector's Edition_is1" = Royal Envoy Campaign for the Crown Collector's Edition
"Satisfashion™" = Satisfashion™
"Secrets of the Vatican: The Holy Lance - Extended Edition" = Secrets of the Vatican: The Holy Lance - Extended Edition
"SendToKindle" = Amazon Send to Kindle
"Sherlock Holmes and the Hound of the Baskervilles" = Sherlock Holmes and the Hound of the Baskervilles
"Shopping Blocks" = Shopping Blocks
"Signature995" = Signature995
"Ski Resort Mogul" = Ski Resort Mogul
"SmoothDraw_is1" = SmoothDraw 3.2.11
"Spirit Walkers: Curse of the Cypress Witch" = Spirit Walkers: Curse of the Cypress Witch
"Spooky Mall" = Spooky Mall
"ST5UNST #1" = The Holy Bible KJV Ver.8
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
"Stone Age Cafe" = Stone Age Cafe
"Summer Resort Mogul" = Summer Resort Mogul
"Super Ranch" = Super Ranch
"Super Text Twist®" = Super Text Twist®
"Supermarket Mania" = Supermarket Mania
"Sweet Kingdom: Enchanted Princess" = Sweet Kingdom: Enchanted Princess
"The Beast of Lycan Isle Collector's Edition" = The Beast of Lycan Isle Collector's Edition
"The Extractor1.4.3.2" = The Extractor
"The Lost Cases of Sherlock Holmes 2" = The Lost Cases of Sherlock Holmes 2 (remove only)
"The Promised Land" = The Promised Land
"The Three Musketeers: D'Artagnan and the 12 Jewels - Extended Edition" = The Three Musketeers: D'Artagnan and the 12 Jewels - Extended Edition
"The Weather Channel App" = The Weather Channel App
"Tory's Shop 'n' Rush" = Tory's Shop 'n' Rush
"Turbo Fiesta" = Turbo Fiesta
"TV Farm" = TV Farm
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"Vacation Mogul" = Vacation Mogul
"VideoPad" = VideoPad Video Editor
"Viking Brothers" = Viking Brothers
"Viking Saga" = Viking Saga
"Virtual City" = Virtual City
"Virtual City 2: Paradise Resort" = Virtual City 2: Paradise Resort
"Virtual Families 2: Our Dream House" = Virtual Families 2: Our Dream House
"Virtual Farm" = Virtual Farm
"Virtual Farm 2" = Virtual Farm 2
"VLC media player" = VLC media player 1.0.1
"Vogue Tales" = Vogue Tales
"WavePad" = WavePad Sound Editor
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"World's Greatest Temples Mahjong" = World's Greatest Temples Mahjong
"WTA-01a9bc71-cb67-4326-be0b-b8637e66f964" = The Golden Years: Way Out West
"WTA-1ac228d9-3735-4deb-8e13-b3da50a6cd18" = Virtual Families 2
"WTA-1fce6d6f-353e-4030-901a-930c487016ae" = Farm Frenzy 3 - Russian Roulette
"WTA-28043073-cfed-41af-be42-e1945589073e" = Age of Adventure: Playing the Hero
"WTA-304b7563-ec4c-4789-bca4-7d834b50cc94" = Royal Envoy 2 Collector's Edition
"WTA-3449e524-36af-492e-a596-abcb16b6d4b4" = Oceanis
"WTA-34c54e22-16ed-48eb-880d-648a0d1c03b4" = Delicious Deluxe
"WTA-36dfbe41-e05c-4cf4-9a5c-80fdec5cef72" = Big City Adventures Paris
"WTA-3a369e63-a37a-425a-af31-b080dc2932e5" = Jigsaw World
"WTA-3e72a6fd-ec06-478c-9d19-de738cfc2af7" = Ballad of Solar
"WTA-3f1e6ca0-e9a1-44c9-95fd-05fe12b01867" = Build It - Miami Beach Resort
"WTA-4b72adc4-394f-4b8a-9453-fb555e0ccf01" = Great Adventures - Lost in Mountains
"WTA-56dd22a2-64c7-4ec0-8d15-e870fb338786" = Kingdom of Seven Seals
"WTA-57e38682-0a96-4212-9e94-2ebe11f63f02" = Petz Dogz 2
"WTA-5b19ea0a-cd6a-433d-b65f-6701a82821ff" = Outta This Kingdom
"WTA-6eb69e9d-dbd0-40b5-9db7-6507ad57b88b" = Be a King 2
"WTA-6f5b1dca-6c62-4261-91a2-c4a74bdd466c" = Jane Croft: The Baker Street Murder
"WTA-7e182cdb-1161-4076-b526-19419e753398" = Hobby Farm
"WTA-822d4004-6f84-4369-9827-508555c51f7a" = Vacation Mogul
"WTA-8bae4e0d-2047-4f3f-9904-1b69748f9dc4" = Dark Mysteries: The Soul Keeper Collector's Edition
"WTA-91e09f37-b8ef-43eb-8997-af7e85a582e9" = The Lake House: Children of Silence
"WTA-965416df-6c3a-422e-b378-df59a938fa5a" = Youda Sushi Chef
"WTA-968309b5-ba38-43bc-86c1-1d2212afd8d3" = Hot Farm Africa
"WTA-97c4500d-a030-419e-9192-d8a6fe8e02e4" = Be a King: Golden Empire
"WTA-97d0d994-6e6e-4b89-807e-4d426f76c9af" = Virtual Families
"WTA-a7c38001-a879-490e-85a2-e58baffa80d3" = The Curse of the Werewolves
"WTA-ad9514df-5b59-4f6c-aaf8-e45a240dd570" = Sherlock Holmes and the Hound of the Baskervilles
"WTA-b0954f6c-93af-4a52-9ee6-1bbcca86d942" = Mystery P.I. - The Lottery Ticket
"WTA-b3799785-8875-4816-a7e3-4047d62395bf" = Snow Globe: Farm World
"WTA-cedd4155-4c18-4eef-9943-d29139c7beeb" = Curse at Twilight
"WTA-cf4ad903-d06d-4945-bac6-c677ec94290a" = Secret of the Past The Mother's Diary
"WTA-dc8cf1b9-1c99-4cbc-a544-3fa6b86b2bf7" = Mahjong Royal Towers
"WTA-e26afdcb-286f-4d37-b68d-023c4f5abb60" = Hidden World
"WTA-e399aec7-e708-4a76-af48-6a88fffe4f5d" = Green City 2
"WTA-f371b85a-41fa-4a55-ae79-c4fbc7f948c2" = Path to Success
"WTA-f5ac6572-e67c-4340-a5c1-871e2f7b15b2" = Weather Lord
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"23ab716f18849b6f" = Amazon Cloud Drive
"Amazon Kindle" = Amazon Kindle
"Arcadesafari" = Arcadesafari
"blinkx beat" = blinkx beat
"Spotify" = Spotify
"uRexFreeDVDRipper" = uRex Free DVD Ripper

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2013 3:11:29 PM | Computer Name = Casey | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2013 3:18:38 PM | Computer Name = Casey | Source = ESENT | ID = 623
Description = wuaueng.dll (1136) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014F04A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000000DF0

Cleanup:
1

[ System Events ]
Error - 8/2/2013 3:08:59 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/2/2013 3:10:22 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/2/2013 3:10:25 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/2/2013 3:11:01 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/2/2013 3:11:51 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 8/2/2013 3:12:22 PM | Computer Name = Casey | Source = DCOM | ID = 10010
Description =

Error - 8/2/2013 3:12:23 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 8/2/2013 3:13:51 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7000
Description = The CleanMyPC Watcher service failed to start due to the following
error: %%2

Error - 8/2/2013 3:14:02 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126

Error - 8/2/2013 3:27:35 PM | Computer Name = Casey | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
error: %%126


< End of report >
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 2nd, 2013, 3:58 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:42 on 02/08/2013 by Pier
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

No Context: Code: Select all

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Pier\Desktop\Downloaded software\iLividSetup.exe --a---- 1302424 bytes [22:13 28/11/2012] [22:13 28/11/2012] D4D2FFFDB2D1CDF173E15CEE6C2D6413
C:\Users\Pier\Downloads\iLividSetup.exe --a---- 1304960 bytes [19:05 22/01/2013] [19:05 22/01/2013] 6C79382B9D1DB37074C70F072482479D

Searching for "*whitesmoke*"
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM4H1Z2J\WhiteSmoke_US_New_E1[1].exe --a---- 2166264 bytes [20:30 22/01/2013] [20:30 22/01/2013] 0D139282083DD351D0A0A89C47BAAFC7

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Users\Pier\AppData\Local\Temp\MybabylonTB.exe --a---- 11 bytes [21:44 22/01/2013] [21:44 22/01/2013] (Unable to calculate MD5)

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1207392 bytes [16:43 06/12/2012] [16:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C
C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage --a---- 3072 bytes [20:44 16/01/2013] [03:40 17/01/2013] C0AE84500FA71B72B8C046C6A8EB70E8
C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journal --a---- 3608 bytes [20:44 16/01/2013] [03:40 17/01/2013] D1BE55323C2AD183CCF0ABCE0F79C020
C:\Users\Pier\AppData\Local\Microsoft\Internet Explorer\DOMStore\VEQYD458\storage.conduit[1].xml --a---- 13 bytes [16:46 24/04/2013] [16:46 24/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pier\AppData\Local\Microsoft\Internet Explorer\DOMStore\WSCM1NRN\twitter.conduitapps[1].xml --a---- 13 bytes [16:46 24/04/2013] [16:46 24/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P71YS8V\contextmenu_toolbar_conduit-services_com[1].xml --a---- 6581 bytes [00:27 23/01/2013] [00:27 23/01/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P71YS8V\contextmenu_toolbar_conduit-services_com[2].xml --a---- 5515 bytes [00:27 23/01/2013] [00:27 23/01/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TPHZ252\contextmenu_toolbar_conduit-services_com[1].xml --a---- 5514 bytes [00:27 23/01/2013] [00:27 23/01/2013] 16A75DAC853B7B226069A2F21C379531
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0RV8P7R\contextmenu_toolbar_conduit-services_com[1].xml --a---- 7037 bytes [00:27 23/01/2013] [00:27 23/01/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM4H1Z2J\appsmetadata_toolbar_conduit-services_com[2].txt --a---- 1861 bytes [00:27 23/01/2013] [00:27 23/01/2013] 01B8F97BCFA2A85628B64F2C86760490
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENWFTCV1\search_conduit_com[1].htm ------- 0 bytes [03:35 17/01/2013] [03:35 17/01/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Pier\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T1NFQO1P\storage.conduit[1].xml --a---- 13 bytes [20:02 02/02/2013] [20:02 02/02/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pier\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T1NFQO1P\twitter.conduitapps[1].xml --a---- 13 bytes [05:48 17/01/2013] [05:48 17/01/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pier\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe --a---- 86080 bytes [20:01 16/01/2013] [20:01 16/01/2013] 602AE45EEB85FCE002C2BD541F5E3F89

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
C:\Users\Pier\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit d------ [20:01 16/01/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Pier\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Pier\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Pier\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Pier\AppData\Local\iLivid]

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\whitesmoke_setup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\whitesmoke_setup_RASMANCS]

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.1\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.1\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\BackStage.exe]
"Path"="C:\Users\Pier\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\BackStage.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.youtubesearch.wajam_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'youtubesearch'; window['WAJAM_SERVER_VERSION'] = '1.00258.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] = '0'; window['WAJAM_SHOULD_SEE_ADS'] = true; window['WAJAM_ID_USER'] = '0'; window['WAJAM_LATITUDE'] = '39.343';window['WAJAM_LONGITUDE'] = '-76.6858';window['WAJAM_NEW_ADS_SERVERS'
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.searchresultsdotcom.wajam_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'searchresultsdotcom'; window['WAJAM_SERVER_VERSION'] = '1.00267.0'; window['WAJAM_SUPPORT_CRC
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.google.wajam_google_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00274.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] = '0';
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.encryptedgoogle.wajam_google_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00274.0'; window['WAJAM_SUPPORT_CRC32_MAPPING']
[HKEY_CURRENT_USER\Software\NCH Software\Components\conduit]
[HKEY_CURRENT_USER\Software\NCH Software\ExpressZip\Software]
"Toolbar"="conduit"
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Microsoft\IntelliType Pro\AppSpecific\BackStage.exe]
"Path"="C:\Users\Pier\AppData\Local\Conduit\BackStage\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}\BackStage.exe"
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.youtubesearch.wajam_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'youtubesearch'; window['WAJAM_SERVER_VERSION'] = '1.00258.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] = '0'; window['WAJAM_SHOULD_SEE_ADS'] = true; window['WAJAM_ID_USER'] = '0'; window['WAJAM_LATITUDE'] = '39.343';window['WAJAM_LONGITUDE'] = '-
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.searchresultsdotcom.wajam_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'searchresultsdotcom'; window['WAJAM_SERVER_VERSION'] =
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.google.wajam_google_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00274.0'; windo
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Wajam]
"supported_sites.encryptedgoogle.wajam_google_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_HTTPS'] = 'https://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_HTTPS_ADS'] = 'https://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_PATH_HTTPS_NEW_ADS'] = 'https://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '3553';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00274.0';
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\NCH Software\Components\conduit]
[HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\NCH Software\ExpressZip\Software]
"Toolbar"="conduit"

-= EOF =-
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 2nd, 2013, 3:59 pm

I've done every thing you said. Now what?
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby Gary R » August 2nd, 2013, 5:44 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
SRV:64bit: - [2013/04/28 15:00:56 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\WBC Engine\ExtensionUpdaterService.exe -- (WBC Engine Updater)
SRV - [2012/10/31 16:33:50 | 000,519,920 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
O2:64bit: - BHO: (CoolPic - Fun Social Pictures) - {FEFE89E5-A43F-4f4b-8211-B11D91D02135} - C:\Program Files\CoolPic - Fun Social Pictures\Extension64.dll ()
O2 - BHO: (Download and Sa Class) - {00489C73-11E8-592F-2BE0-26F3B295EDC0} - C:\ProgramData\Download and Sa\50b682c1d7158.ocx File not found
O2 - BHO: (WBC Engine) - {14DD0E04-D4F6-45d2-A958-F361FBD4F64F} - C:\Program Files\WBC Engine\Extension32.dll ()
O2 - BHO: (Ask Toolbar) - {4153492D-4700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI-G\Passport.dll" File not found
O2 - BHO: (CoolPic - Fun Social Pictures) - {FEFE89E5-A43F-4f4b-8211-B11D91D02135} - C:\Program Files\CoolPic - Fun Social Pictures\Extension32.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {4153492D-4700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI-G\Passport.dll" File not found
O3 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {4153492D-4700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ASI-G\Passport.dll" File not found
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O15 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-347407021-1085999394-1517728521-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:F7F6E6CB
@Alternate Data Stream - 259 bytes -> C:\ProgramData\Temp:3E8A3E87
@Alternate Data Stream - 256 bytes -> C:\ProgramData\Temp:11590865
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:6ECE93A8
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:997DA6D7
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:B5FD4AA1
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:8B3C3098
@Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:640DDEFF
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:EFECABA9
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:E0848D16
@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:96838F8A
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:D621CFB8
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:09629F6E
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:A6F30843
@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:A26AFC00
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:F72306CC
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:19C541B5
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:31C9BA96
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:6DDFD746
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:54531C7D
@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:08DB8D99
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:90C320E1
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:9547F1DB
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:A4E7D25F
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:5335CE76
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:554C6431
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:097FF903
@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:CB959782
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AD5E6155
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:C82CA1C0
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:395F6776
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F7F4DC88
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:744022A1
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:B2D32F1D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:ED6B6C83
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EAEE7554
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:928DF32E
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B392E17F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F3A185AE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:AD179392
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:43F5FA9D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:32289BE8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:1E288DA3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:14B2E0BD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EF258AD5
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B5810C71
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:AC9F291E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:57173DB4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:8318A814
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:FA09FC72
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C3AD9507
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:8DA5A13A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:49EB69E2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E346F5B1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:432EC713
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A4F0E644
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:12A012A1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A900C3A3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:04BC9A2C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:EECF83D1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:1B9E79B3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EF0D9BBA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:07C99568
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F7370879
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:6BF0805F

:Files
C:\Users\Pier\Desktop\Downloaded software\iLividSetup.exe
C:\Users\Pier\Downloads\iLividSetup.exe
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM4H1Z2J\WhiteSmoke_US_New_E1[1].exe
C:\Users\Pier\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage
C:\Users\Pier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.conduitapps.com_0.localstorage-journa
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P71YS8V\contextmenu_toolbar_conduit-services_com[1].xml
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9P71YS8V\contextmenu_toolbar_conduit-services_com[2].xml
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TPHZ252\contextmenu_toolbar_conduit-services_com[1].xml
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0RV8P7R\contextmenu_toolbar_conduit-services_com[1].xml
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DM4H1Z2J\appsmetadata_toolbar_conduit-services_com[2].txt
C:\Users\Pier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENWFTCV1\search_conduit_com[1].htm
C:\Users\Pier\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T1NFQO1P\twitter.conduitapps[1].xml 
C:\Users\Pier\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe
C:\Users\Pier\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit

:Reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\NCH Software\Components\conduit]
[-HKEY_CURRENT_USER\Software\NCH Software\ExpressZip\Software]
[-HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\NCH Software\Components\conduit]
[-HKEY_USERS\S-1-5-21-347407021-1085999394-1517728521-1001\Software\NCH Software\ExpressZip\Software]

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby pieronly » August 3rd, 2013, 4:54 pm

Gary,

I'm trying to run the e-set but it won't start. I press start and nothing happens
pieronly
Active Member
 
Posts: 12
Joined: July 19th, 2013, 4:38 pm

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby Gary R » August 3rd, 2013, 5:24 pm

Which browser are you using ? It's easiest if you use Internet Explorer. If you're using Firefox you have to install esetsmartinstaller_enu.exe before you can run the scan.

If it's not a browser problem, then are you sure you've disabled your on board anti-virus, if not it may be blocking e-set from launching.

If it's neither of those things causing the problem, then just post me the OTL fix log, and let me know.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: SAME MALWARE, DIFFERENT DAY!

Unread postby Gary R » August 7th, 2013, 10:26 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 125 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware