Mixi DJ Toolbar...i want to hurt the creator

ihatethis

Apr 25, 2013
OTL logfile created on: 4/25/2013 10:32:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.40% Memory free
7.61 Gb Paging File | 5.45 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 397.66 Gb Free Space | 89.14% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e1854a100d5ad4dff34d1427b5a9604c\System.WorkflowServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e818fbdb44667fdf48e69d032ed038a9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\276a4a9226efbd4e3bfe1cff92acdb51\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\76a90419ce76ba450473d241821dcf3d\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\d16cfafdd80b12e110946ea875e118a1\System.Xml.Linq.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\5efc2df0b6cdb09d0c740a59be0dcd5b\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\226dff32c2cfce890288ebe71841c0f1\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\87effb0f186b515416c12a57bdab3cd3\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fde22ad3592f537464b769ae693152aa\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\5069816177c0505eb4ffdf8598771110\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\948357f38c25edf82e53149599660d98\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e95c75bede9a6ba6654d3a5e56da7e86\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\91c62efba9d18a59a8aef37729cb5c6d\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f045547dc39be38a6c3348b524b5d96\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e397d6058a96fc5b768e330256867567\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\49100533f4f9d3bf97a57c5424b51c2b\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\39cb017c2a46136cf3ca8a877d4fa741\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\35a8c4dd1bd18d6100a4974aa272761c\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\f3bcf05501f25211734e003e40c1fc4d\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9A9B790B-B423-4AC7-AFDA-5982F78305A0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9A9B790B-B423-4AC7-AFDA-5982F78305A0}
IE - HKCU\..\SearchScopes\{9A9B790B-B423-4AC7-AFDA-5982F78305A0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287822&CUI=UN40651667892415411&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/02 22:54:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{159A6695-A27C-45DB-BD38-1F1B4A82202C}: DhcpNameServer = 198.224.188.236 198.224.189.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62BFE676-297F-41EE-A82D-85543B0EAA53}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{854C1888-56A1-4FDD-B564-EFF327E08F06}: DhcpNameServer = 172.1.1.171
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/25 21:20:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Programs
[2013/04/25 21:15:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2013/04/25 18:06:56 | 000,000,000 | ---D | C] -- C:\components
[2013/04/25 17:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/04/25 17:54:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Conduit
[2013/04/25 17:53:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\CRE
[2013/04/20 17:37:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Tomato Signs 2013
[2013/04/11 03:02:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/04/11 03:02:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/11 03:02:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/04/11 03:02:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/04/11 03:02:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/04/11 03:02:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/11 03:02:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/11 03:02:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/04/11 03:01:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/04/11 03:01:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/04/11 03:01:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/04/11 03:01:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/04/11 03:01:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/04/11 03:01:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/04/11 03:01:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/04/10 16:53:58 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/04/10 16:53:58 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/04/10 16:53:57 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/04/10 16:53:56 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/04/10 16:53:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/04/10 16:53:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/04/10 16:53:08 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/04/10 16:53:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/04/10 16:53:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/04/10 16:53:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/04/10 16:53:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/04/10 16:53:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll

========== Files - Modified Within 30 Days ==========

[2013/04/25 21:39:05 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2912090835-1634431508-2850167325-1000UA.job
[2013/04/25 21:20:38 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/25 21:09:10 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 21:09:10 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 21:06:04 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/25 21:06:04 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/25 21:06:04 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/25 21:01:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/25 21:01:32 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 21:00:41 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2912090835-1634431508-2850167325-1000Core.job
[2013/04/25 17:54:52 | 000,000,009 | ---- | M] () -- C:\END
[2013/04/25 17:01:34 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2013/04/25 14:34:57 | 003,093,180 | ---- | M] () -- C:\Users\Chris\Documents\feed mill.JPG
[2013/04/24 07:29:17 | 002,313,809 | ---- | M] () -- C:\Users\Chris\Documents\4 wks.JPG
[2013/04/20 17:52:05 | 002,010,017 | ---- | M] () -- C:\Users\Chris\Documents\heirloom tom 2013.zip
[2013/04/20 17:45:46 | 003,108,039 | ---- | M] () -- C:\Users\Chris\Documents\Tomato Signs 2013.zip
[2013/04/12 12:42:13 | 000,539,648 | ---- | M] () -- C:\Users\Chris\Documents\Rutgers and Yellow Pear 2013.pub
[2013/04/12 12:39:17 | 000,501,760 | ---- | M] () -- C:\Users\Chris\Documents\Orange Oxheart and Orange Wellington 2013.pub
[2013/04/12 12:35:24 | 000,498,688 | ---- | M] () -- C:\Users\Chris\Documents\Mr.Stripey and Old German 2013.pub
[2013/04/12 12:31:25 | 000,412,160 | ---- | M] () -- C:\Users\Chris\Documents\Green Zebra and Mortgage Lifter.pub
[2013/04/12 12:25:42 | 000,393,728 | ---- | M] () -- C:\Users\Chris\Documents\Elberta Peach and German Johnson 2013.pub
[2013/04/12 12:22:50 | 000,228,352 | ---- | M] () -- C:\Users\Chris\Documents\Brandywine and Cherokee Purple 2013.pub
[2013/04/12 12:18:33 | 000,220,160 | ---- | M] () -- C:\Users\Chris\Documents\Box Car Willie and Brandy Boy 2013.pub
[2013/04/12 12:14:49 | 000,518,144 | ---- | M] () -- C:\Users\Chris\Documents\Black Cherry and Black Krim 2013.pub
[2013/04/12 12:10:39 | 000,286,720 | ---- | M] () -- C:\Users\Chris\Documents\Whopper and Yaqui 2013.pub
[2013/04/12 12:10:39 | 000,286,720 | ---- | M] () -- C:\Users\Chris\Documents\Whopper and Yaqui 2013 - Copy.pub
[2013/04/12 12:07:26 | 000,297,472 | ---- | M] () -- C:\Users\Chris\Documents\Tomatoberry and Viva Italia 2013.pub
[2013/04/12 12:07:26 | 000,297,472 | ---- | M] () -- C:\Users\Chris\Documents\Tomatoberry and Viva Italia 2013 - Copy.pub
[2013/04/12 12:04:03 | 000,326,144 | ---- | M] () -- C:\Users\Chris\Documents\Sweet Olive and Sweet Seedless 2013.pub
[2013/04/12 11:59:01 | 000,266,240 | ---- | M] () -- C:\Users\Chris\Documents\Super Tasty and Sweet 100 2013.pub
[2013/04/12 11:53:47 | 000,148,992 | ---- | M] () -- C:\Users\Chris\Documents\Sungold and Super Marzano 2013.pub
[2013/04/12 11:49:58 | 000,344,576 | ---- | M] () -- C:\Users\Chris\Documents\Steak Sandwich and Sugary 2013.pub
[2013/04/12 11:46:16 | 000,167,936 | ---- | M] () -- C:\Users\Chris\Documents\Roma Plum and San Marzano 2013.pub
[2013/04/12 10:53:51 | 000,207,360 | ---- | M] () -- C:\Users\Chris\Documents\Mountain Magic and Mountain Spring 2013.pub
[2013/04/12 10:53:32 | 000,158,208 | ---- | M] () -- C:\Users\Chris\Documents\Pink Girl and Poseidon 2013.pub
[2013/04/12 10:27:17 | 000,227,840 | ---- | M] () -- C:\Users\Chris\Documents\Napa Grape and Patio 2013.pub
[2013/04/11 20:40:30 | 000,002,372 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2013/04/11 03:22:14 | 000,416,904 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/04/03 14:49:23 | 000,230,400 | ---- | M] () -- C:\Users\Chris\Documents\Jetstar and Jubilee 2013.pub
[2013/04/03 12:56:15 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/04/02 21:34:53 | 000,247,296 | ---- | M] () -- C:\Users\Chris\Documents\Nasturtium and Parsley 2013.pub
[2013/04/02 21:17:13 | 000,312,832 | ---- | M] () -- C:\Users\Chris\Documents\Horehound and Hyssop 2013.pub
[2013/04/02 21:08:59 | 000,202,752 | ---- | M] () -- C:\Users\Chris\Documents\Fennel and Germander 2013.pub
[2013/04/02 20:56:30 | 000,181,760 | ---- | M] () -- C:\Users\Chris\Documents\Epazote and Eucalyptus 2013.pub
[2013/04/02 20:34:21 | 000,260,608 | ---- | M] () -- C:\Users\Chris\Documents\Curry-Dill 2013.pub
[2013/04/02 20:26:22 | 000,211,456 | ---- | M] () -- C:\Users\Chris\Documents\Chives-Cilantro 2013.pub
[2013/04/02 20:12:35 | 000,223,744 | ---- | M] () -- C:\Users\Chris\Documents\Celery Leaf-Chervil 2013.pub
[2013/04/02 14:31:31 | 000,238,592 | ---- | M] () -- C:\Users\Chris\Documents\Catnip and Chamomile 2013.pub
[2013/04/02 14:19:32 | 000,217,600 | ---- | M] () -- C:\Users\Chris\Documents\Borage and Cat Grass 2013.pub
[2013/04/02 14:05:36 | 000,163,840 | ---- | M] () -- C:\Users\Chris\Documents\Oregano Golden-Variegated 2013.pub
[2013/04/02 13:49:28 | 000,129,536 | ---- | M] () -- C:\Users\Chris\Documents\Sage Purple-Tricolor 2013.pub
[2013/04/02 13:01:44 | 000,131,072 | ---- | M] () -- C:\Users\Chris\Documents\Sage Berggarten-Pineapple 2013.pub
[2013/04/02 12:46:01 | 000,146,944 | ---- | M] () -- C:\Users\Chris\Documents\Mint Mojito-Spearmint 2013.pub
[2013/04/02 12:33:22 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Documents\Mint Basil-Julep 2013.pub
[2013/04/02 12:16:13 | 000,423,936 | ---- | M] () -- C:\Users\Chris\Documents\Thyme Doone Nutmeg-Wedgewood 2013.pub
[2013/04/02 12:11:34 | 000,425,472 | ---- | M] () -- C:\Users\Chris\Documents\Thyme Doone Valley-Lime 2013.pub
[2013/04/02 11:59:38 | 000,252,928 | ---- | M] () -- C:\Users\Chris\Documents\Rosemary Santa Barbara-Tuscan Blue 2013.pub
[2013/04/02 10:15:48 | 000,254,464 | ---- | M] () -- C:\Users\Chris\Documents\Rosemary Barbeque-Salem 2013.pub
[2013/04/02 09:53:03 | 000,816,640 | ---- | M] () -- C:\Users\Chris\Documents\Lavender French-Provence 2013.pub
[2013/04/02 09:27:16 | 000,217,088 | ---- | M] () -- C:\Users\Chris\Documents\Basil Minette-Thai Siam Queen 2013.pub
[2013/04/02 09:14:00 | 000,217,600 | ---- | M] () -- C:\Users\Chris\Documents\Basil African Blue-Lemon 2013.pub

========== Files Created - No Company Name ==========

[2013/04/25 21:20:38 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/25 17:52:45 | 000,000,009 | ---- | C] () -- C:\END
[2013/04/25 14:35:23 | 003,093,180 | ---- | C] () -- C:\Users\Chris\Documents\feed mill.JPG
[2013/04/24 07:29:53 | 002,313,809 | ---- | C] () -- C:\Users\Chris\Documents\4 wks.JPG
[2013/04/20 17:49:06 | 002,010,017 | ---- | C] () -- C:\Users\Chris\Documents\heirloom tom 2013.zip
[2013/04/20 17:45:46 | 003,108,039 | ---- | C] () -- C:\Users\Chris\Documents\Tomato Signs 2013.zip
[2013/04/20 17:43:34 | 000,297,472 | ---- | C] () -- C:\Users\Chris\Documents\Tomatoberry and Viva Italia 2013 - Copy.pub
[2013/04/20 17:43:34 | 000,286,720 | ---- | C] () -- C:\Users\Chris\Documents\Whopper and Yaqui 2013 - Copy.pub
[2013/04/20 17:38:26 | 000,355,328 | ---- | C] () -- C:\Users\Chris\Documents\Amish paste-Beefy boy 2013.pub
[2013/04/12 12:42:13 | 000,539,648 | ---- | C] () -- C:\Users\Chris\Documents\Rutgers and Yellow Pear 2013.pub
[2013/04/12 12:39:06 | 000,501,760 | ---- | C] () -- C:\Users\Chris\Documents\Orange Oxheart and Orange Wellington 2013.pub
[2013/04/12 12:35:23 | 000,498,688 | ---- | C] () -- C:\Users\Chris\Documents\Mr.Stripey and Old German 2013.pub
[2013/04/12 12:31:25 | 000,412,160 | ---- | C] () -- C:\Users\Chris\Documents\Green Zebra and Mortgage Lifter.pub
[2013/04/12 12:25:42 | 000,393,728 | ---- | C] () -- C:\Users\Chris\Documents\Elberta Peach and German Johnson 2013.pub
[2013/04/12 12:22:49 | 000,228,352 | ---- | C] () -- C:\Users\Chris\Documents\Brandywine and Cherokee Purple 2013.pub
[2013/04/12 12:18:32 | 000,220,160 | ---- | C] () -- C:\Users\Chris\Documents\Box Car Willie and Brandy Boy 2013.pub
[2013/04/12 12:14:49 | 000,518,144 | ---- | C] () -- C:\Users\Chris\Documents\Black Cherry and Black Krim 2013.pub
[2013/04/12 12:10:39 | 000,286,720 | ---- | C] () -- C:\Users\Chris\Documents\Whopper and Yaqui 2013.pub
[2013/04/12 12:07:25 | 000,297,472 | ---- | C] () -- C:\Users\Chris\Documents\Tomatoberry and Viva Italia 2013.pub
[2013/04/12 12:04:02 | 000,326,144 | ---- | C] () -- C:\Users\Chris\Documents\Sweet Olive and Sweet Seedless 2013.pub
[2013/04/12 11:59:01 | 000,266,240 | ---- | C] () -- C:\Users\Chris\Documents\Super Tasty and Sweet 100 2013.pub
[2013/04/12 11:53:47 | 000,148,992 | ---- | C] () -- C:\Users\Chris\Documents\Sungold and Super Marzano 2013.pub
[2013/04/12 11:49:58 | 000,344,576 | ---- | C] () -- C:\Users\Chris\Documents\Steak Sandwich and Sugary 2013.pub
[2013/04/12 11:46:15 | 000,167,936 | ---- | C] () -- C:\Users\Chris\Documents\Roma Plum and San Marzano 2013.pub
[2013/04/12 10:53:32 | 000,158,208 | ---- | C] () -- C:\Users\Chris\Documents\Pink Girl and Poseidon 2013.pub
[2013/04/12 10:27:17 | 000,227,840 | ---- | C] () -- C:\Users\Chris\Documents\Napa Grape and Patio 2013.pub
[2013/04/12 09:28:54 | 000,207,360 | ---- | C] () -- C:\Users\Chris\Documents\Mountain Magic and Mountain Spring 2013.pub
[2013/04/03 14:49:23 | 000,230,400 | ---- | C] () -- C:\Users\Chris\Documents\Jetstar and Jubilee 2013.pub
[2013/04/03 12:56:15 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013/04/02 21:34:53 | 000,247,296 | ---- | C] () -- C:\Users\Chris\Documents\Nasturtium and Parsley 2013.pub
[2013/04/02 21:17:13 | 000,312,832 | ---- | C] () -- C:\Users\Chris\Documents\Horehound and Hyssop 2013.pub
[2013/04/02 21:02:33 | 000,202,752 | ---- | C] () -- C:\Users\Chris\Documents\Fennel and Germander 2013.pub
[2013/04/02 20:56:30 | 000,181,760 | ---- | C] () -- C:\Users\Chris\Documents\Epazote and Eucalyptus 2013.pub
[2013/04/02 20:34:20 | 000,260,608 | ---- | C] () -- C:\Users\Chris\Documents\Curry-Dill 2013.pub
[2013/04/02 20:26:21 | 000,211,456 | ---- | C] () -- C:\Users\Chris\Documents\Chives-Cilantro 2013.pub
[2013/04/02 20:12:35 | 000,223,744 | ---- | C] () -- C:\Users\Chris\Documents\Celery Leaf-Chervil 2013.pub
[2013/04/02 14:31:30 | 000,238,592 | ---- | C] () -- C:\Users\Chris\Documents\Catnip and Chamomile 2013.pub
[2013/04/02 14:19:32 | 000,217,600 | ---- | C] () -- C:\Users\Chris\Documents\Borage and Cat Grass 2013.pub
[2013/04/02 14:05:36 | 000,163,840 | ---- | C] () -- C:\Users\Chris\Documents\Oregano Golden-Variegated 2013.pub
[2013/04/02 13:49:28 | 000,129,536 | ---- | C] () -- C:\Users\Chris\Documents\Sage Purple-Tricolor 2013.pub
[2013/04/02 13:01:44 | 000,131,072 | ---- | C] () -- C:\Users\Chris\Documents\Sage Berggarten-Pineapple 2013.pub
[2013/04/02 12:46:01 | 000,146,944 | ---- | C] () -- C:\Users\Chris\Documents\Mint Mojito-Spearmint 2013.pub
[2013/04/02 12:33:22 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Documents\Mint Basil-Julep 2013.pub
[2013/04/02 12:16:13 | 000,423,936 | ---- | C] () -- C:\Users\Chris\Documents\Thyme Doone Nutmeg-Wedgewood 2013.pub
[2013/04/02 12:11:34 | 000,425,472 | ---- | C] () -- C:\Users\Chris\Documents\Thyme Doone Valley-Lime 2013.pub
[2013/04/02 11:59:38 | 000,252,928 | ---- | C] () -- C:\Users\Chris\Documents\Rosemary Santa Barbara-Tuscan Blue 2013.pub
[2013/04/02 10:15:48 | 000,254,464 | ---- | C] () -- C:\Users\Chris\Documents\Rosemary Barbeque-Salem 2013.pub
[2013/04/02 09:53:02 | 000,816,640 | ---- | C] () -- C:\Users\Chris\Documents\Lavender French-Provence 2013.pub
[2013/04/02 09:27:16 | 000,217,088 | ---- | C] () -- C:\Users\Chris\Documents\Basil Minette-Thai Siam Queen 2013.pub
[2013/04/02 09:14:00 | 000,217,600 | ---- | C] () -- C:\Users\Chris\Documents\Basil African Blue-Lemon 2013.pub
[2013/03/18 08:53:25 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/12/02 22:49:44 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/12/02 22:49:44 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/12/02 22:49:44 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/12/02 22:49:44 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/12/02 22:49:44 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/05 20:39:41 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2012/07/05 20:39:41 | 000,105,428 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2012/07/05 20:39:40 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2012/07/05 18:12:58 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/06/08 06:59:19 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012/06/08 06:59:17 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012/06/08 06:59:17 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012/06/08 06:59:17 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012/06/08 06:59:17 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012/06/08 06:59:17 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012/06/08 06:59:17 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012/06/08 06:59:17 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012/06/08 04:48:16 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/20 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Fingertapps
[2012/08/21 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Namco
[2012/09/09 12:58:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Rovio
[2012/08/21 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client
[2012/08/21 19:57:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP
[2012/08/21 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent

========== Purity Check ==========




< End of report >




OTL Extras logfile created on: 4/25/2013 10:32:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 50.40% Memory free
7.61 Gb Paging File | 5.45 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 397.66 Gb Free Space | 89.14% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0220D0CF-0316-485B-89A6-A09FED655775}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0930CB6D-EF27-443B-9E08-6B6E71657D84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{10297126-E3BA-4A28-8D1A-A9CFFBFA07CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{105A9C53-805F-4498-B120-2DE9654FE01E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14D5215D-4821-40CD-820D-E8B81E52CAE2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{15614251-623B-465A-ACEA-D7F908B180E0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B07AD7A-8065-42B6-9BC9-B0847A8DBB2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BA76660-AE16-4440-863C-B76E282B19B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E021C7-0C95-472E-8736-288CD6E87BD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55644D78-21C6-4EFF-90B5-C9961BE76792}" = rport=138 | protocol=17 | dir=out | app=system |
"{5884ED65-B9A9-4A67-8A16-584FB3F3C4BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78DA7A20-8953-4814-A2E2-D3086474F405}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{94C4A61E-CAA3-45E5-A549-CAFAB066B38C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A3E720B2-AF08-4E4B-93DD-9A68448C930F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B616597B-7CC6-41A5-9036-6863DB554356}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1522727-2D19-4EF6-ACEF-C00EAC5BDC0B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2ECAE36-5162-4355-9753-2ED9A9991D1F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3A929DA-1500-4BD0-B670-2611FA01A843}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2A4BC68-2A0E-48B0-A8D5-4B7849625CD7}" = lport=138 | protocol=17 | dir=in | app=system |
"{D3FFFAD8-5776-4054-8544-2E357B631811}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC86354C-8626-4A27-B1C1-FD94D4D6E661}" = lport=139 | protocol=6 | dir=in | app=system |
"{DDD44FA6-2385-4F78-932B-18AF5CA76369}" = lport=137 | protocol=17 | dir=in | app=system |
"{EC9774D5-30EC-4140-B38B-469B542677D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0892DC4-ECF3-4D06-B4E4-48DBB5AEF524}" = rport=445 | protocol=6 | dir=out | app=system |
"{F784695D-7F1A-4724-BB91-025B42C76904}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040F087C-BE99-448C-A7B8-E7380A9A0834}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{074F64C6-8BFD-4714-8325-BCEEAB771A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{092283DF-003A-430F-9B79-9AC31707C3A1}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{137DA3FB-38CA-44E0-A4FF-64011191759F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1608771E-B0A3-495B-8530-E8C826DBF743}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16CBF7FB-ECE7-4257-84F3-34F240FA75BF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1B3A970A-5795-4EFA-B100-F56C74C7C25A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{23ABDA7B-7299-47E6-892E-833F9519ACE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25226192-0914-4376-919F-A3A4604C9F20}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{270133A0-7AA2-46E6-91FF-825F12494040}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{28CF071C-C33F-4691-854F-5B032CBCCDC3}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{2E043D85-0176-4F2E-BD4E-C62AE3043545}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2FB7A0C0-6F64-466E-81B5-9D03E4F93B01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31BF4010-ADD5-492E-AB67-8365F3567BD4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{355C7975-0973-4799-BC27-FB7F4600F13D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AE26650-4965-4AC5-B72C-97D7B69B42E8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{45B484D7-A548-432A-AA4A-16E71BB77CFE}" = protocol=6 | dir=out | app=system |
"{49FFC1FE-E600-439D-81D7-1696D136B1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{4D96B02A-D89C-4BEB-8362-3C34CEEA2014}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{504657A5-D0FE-421E-A546-B164F253C84E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53E910EC-4179-49A6-9B27-E9352D6226E4}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{55C1B083-B3AF-4B3A-B0AA-49713A07F0FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FF8430D-25A8-4941-8D04-FA89060F5D38}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{62FB3939-7EEE-4599-883F-6FDBFC617496}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{66B5A027-E014-4F3A-87F9-39B6E6771C4D}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{7F48E368-11A3-4282-A0DD-C424DA0A80F6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{832536EF-E819-4679-8091-103C46F04DA2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{84F20DEA-8905-4C1E-B50F-2421C4F7E590}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{856DEB29-9DC9-4CB1-AD58-4A84094DBE42}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{98ABFAEF-2934-44E0-9C6C-CFFA1090A429}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9E7A5A2C-4D47-42BF-A5E5-0860F18548C1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A5A3E34F-7FE1-4BA4-B18B-E9EE6ED1B432}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{B31E4B5A-E97D-4C02-8270-37CA875607D5}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{B8A31674-F70E-49F2-9289-7EAC1FBB8211}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8ACC9B8-52F5-49DB-A699-83C891E1581D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE063D25-9DD2-4BF5-9CA6-D24DF95E3696}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C524FC6B-1C1C-4F73-B986-AB583AE70B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{CFFA84A0-CF9D-40C9-A2D2-743C9D40D72A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDE372A0-5B8D-45DA-B3D0-F8B3073183C3}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{EDFBEFFC-3300-4795-97DE-39F3FD7AFDC7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF829C61-E974-41D8-A535-36CC0CDCEAA2}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{F5DEE879-9A2D-428E-BDD6-0B7561F8E4B6}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{F6BB97CB-3BE4-4E16-AC86-92BA68EFD0CE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{F7B59EEA-D3F0-4098-8C19-1E072009C62E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA37376A-4319-4E72-B1A3-FBAD82DD55BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF50A09F-FB86-4FDC-94F4-A794D0122B3F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FF9A3783-EA37-4A73-A26D-DB62B9468833}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{C636BF30-E434-4596-8B7B-D872AC57219E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E2EDBDB8-6BE0-4374-9DA5-A77E85BB2F8A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E0
 

Attachments

  • aswMBR.txt
    1.6 KB

Fiery

Level 1
Jan 11, 2011
2,007
Hi ihatethis and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

I notice you have used Combofix; have you been infected before? Please post the Combofix log in your next reply. It should be located in C:\combofix.txt

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click Delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply
 

Littlebits

Retired Staff
May 3, 2011
3,893
We have a complete removal guide here: http://malwaretips.com/blogs/mixi-dj-toolbar-virus/

That might help you.

Enjoy!!:D
 

ihatethis

New Member
Thread author
Apr 25, 2013
6

Here is the JRT log. The ComboFix and AdwCleaner logs are attached.
Yes, I had a problem last year and ComboFix was one of the many things I was instructed to download. That previous problem is unrelated to the current one I am having.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Chris on Fri 04/26/2013 at 6:33:24.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9A9B790B-B423-4AC7-AFDA-5982F78305A0}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/26/2013 at 6:36:30.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Attachments

  • ComboFix.txt
    16.2 KB · Views: 70
  • AdwCleaner[S1].txt
    785 bytes · Views: 78
  • JRT.bat
    11.6 KB · Views: 84

ihatethis

New Member
Thread author
Apr 25, 2013
6
Wow, I'm not seeing my reply to the above message from you. I got the 3 logs you asked for. Not sure what happened.
 

ihatethis

New Member
Thread author
Apr 25, 2013
6
Logs attached
 

Attachments

  • aswMBR.txt
    1.6 KB · Views: 77
  • OTL.Txt
    89.7 KB · Views: 114
  • ComboFix.txt
    16.2 KB · Views: 112
  • JRT.txt
    780 bytes · Views: 100

Fiery

Level 1
Jan 11, 2011
2,007
Did the removal guide work?

If not...

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click Delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

ihatethis

New Member
Thread author
Apr 25, 2013
6
I think the previous things worked. I don't get any pop-ups and I don't see the toolbar add-on when I open IE or Chrome.
 
