iDayzKilla

I have Trojan.0Access and I can't get rid of it!


ComboFix 13-07-09.01 - josh 10/07/2013  16:48:32.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3325.1937 [GMT 10:00]

Running from: c:\users\josh\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~1\FREEWO~1\FREEwo~1.dll

c:\users\josh\AppData\Local\Temp\Rar$EXa0.651\hw.exe

c:\users\josh\AppData\Roaming\Roaming

c:\users\josh\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst

c:\users\Williams\AppData\Roaming\DataSafeDotNet.exe

c:\users\Williams\Documents\~WRL0005.tmp

c:\users\Williams\Documents\~WRL2295.tmp

c:\windows\security\Database\tmp.edb

c:\windows\system32\frapsvid.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))

.

.

2013-07-10 07:05 . 2013-07-10 07:09 -------- d-----w- c:\users\josh\AppData\Local\temp

2013-07-10 07:05 . 2013-07-10 07:05 -------- d-----w- c:\users\Williams\AppData\Local\temp

2013-07-10 07:05 . 2013-07-10 07:05 -------- d-----w- c:\users\Ken\AppData\Local\temp

2013-07-10 05:00 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E888C58-2445-4BCE-9BCF-93F61A78F209}\mpengine.dll

2013-07-09 06:58 . 2013-07-09 06:58 -------- d-----w- c:\users\josh\AppData\Roaming\Quest3D

2013-07-09 06:56 . 2013-07-09 06:56 -------- d-----w- c:\program files\NVIDIA Corporation

2013-07-09 00:47 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-08 08:41 . 2013-07-08 08:41 -------- d-----w- c:\users\josh\AppData\Local\Unity

2013-07-07 01:18 . 2013-07-07 01:23 193 ----a-w- c:\windows\DeleteOnReboot.bat

2013-07-07 01:12 . 2013-07-07 01:12 -------- d-----w- c:\windows\ERUNT

2013-07-07 01:11 . 2013-07-07 01:11 -------- d-----w- C:\JRT

2013-07-06 23:28 . 2013-07-06 23:28 -------- d-----w- c:\users\josh\AppData\Roaming\Uniblue

2013-07-03 21:49 . 2013-07-03 21:49 -------- d-----w- c:\programdata\McAfee Security Scan

2013-07-03 21:47 . 2013-07-03 21:47 -------- d-----w- c:\program files\LogMeIn Hamachi

2013-07-03 07:44 . 2013-07-03 07:44 -------- d-----w- c:\users\josh\AppData\Roaming\HPAppData

2013-07-03 07:43 . 2013-07-03 07:43 -------- d-----w- c:\program files\AMD APP

2013-07-03 07:36 . 2013-07-03 07:36 -------- d-----w- c:\program files\ATI

2013-07-03 07:35 . 2013-07-03 07:35 -------- d-----w- C:\AMD

2013-07-03 06:50 . 2013-07-04 01:23 -------- d-----w- C:\@RestoreQuarantine

2013-07-03 03:20 . 2013-07-03 03:20 -------- d-----w- C:\BackSys

2013-07-02 22:59 . 2013-07-02 22:59 40208 ----a-w- c:\windows\system32\Partizan.exe

2013-07-02 22:59 . 2013-07-02 22:59 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2013-07-02 22:24 . 2013-07-10 07:09 -------- d-----w- c:\programdata\RegRun

2013-07-02 22:24 . 2013-07-02 22:24 32290 ----a-w- c:\windows\system32\drivers\Partizan.sys

2013-07-02 22:24 . 2013-07-02 22:24 2 --shatr- c:\windows\winstart.bat

2013-07-02 22:24 . 2013-06-04 02:23 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2013-07-02 22:24 . 2013-07-03 05:53 -------- d-----w- c:\program files\UnHackMe

2013-07-02 09:36 . 2013-07-02 09:40 -------- d-----w- c:\program files\BreakingNews

2013-07-02 09:34 . 2013-07-02 09:34 -------- d-----w- c:\users\josh\AppData\Local\TopArcadeHits

2013-07-01 15:35 . 2013-07-01 12:44 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54B1D383-4166-46AA-8AAC-D9BC7625F866}\gapaengine.dll

2013-07-01 12:12 . 2013-07-01 12:12 -------- d-----w- C:\9a65bd9af90ba97ce36c19

2013-07-01 12:05 . 2013-07-01 12:07 -------- d-----w- c:\program files\Microsoft Security Client

2013-07-01 11:25 . 2013-07-01 11:25 -------- d-----w- c:\users\josh\AppData\Roaming\Malwarebytes

2013-07-01 06:44 . 2013-07-01 06:44 -------- d-----w- c:\users\Williams\AppData\Roaming\Malwarebytes

2013-07-01 06:43 . 2013-07-01 06:43 -------- d-----w- c:\programdata\Malwarebytes

2013-07-01 06:43 . 2013-07-01 06:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-01 06:43 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-01 06:42 . 2013-07-01 06:42 -------- d-----w- c:\programdata\1E1A5

2013-07-01 00:49 . 2013-07-01 00:49 -------- d-----w- c:\users\josh\AppData\Local\Macromedia

2013-07-01 00:48 . 2013-07-01 00:48 -------- d-----w- c:\users\josh\AppData\Local\Mozilla

2013-06-29 05:26 . 2013-06-29 05:26 -------- d-----w- c:\users\josh\AppData\Roaming\MotioninJoy

2013-06-29 05:26 . 2009-11-24 05:29 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys

2013-06-29 05:26 . 2009-09-11 02:47 255496 ----a-w- c:\windows\system32\MijFrc.dll

2013-06-29 05:26 . 2013-06-29 05:27 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys

2013-06-28 23:40 . 2007-06-29 04:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys

2013-06-28 23:40 . 2013-06-28 23:40 -------- d-----w- c:\program files\AMD

2013-06-28 23:39 . 2013-07-09 06:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2013-06-25 06:31 . 2013-07-04 23:58 -------- d-----w- c:\program files\McAfee Security Scan

2013-06-25 06:28 . 2013-06-25 06:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-21 06:39 . 2013-06-21 06:39 -------- d-----w- c:\users\josh\AppData\Roaming\.StarMade

2013-06-18 11:43 . 2013-06-18 11:43 -------- d-----w- c:\users\josh\AppData\Roaming\3909 LLC

2013-06-17 12:00 . 2013-06-17 12:00 -------- d-----w- c:\users\josh\AppData\Local\IsolatedStorage

2013-06-15 09:10 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe

2013-06-11 21:13 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll

2013-06-11 21:13 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe

2013-06-11 21:13 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-11 21:13 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-11 21:13 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll

2013-06-11 21:13 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll

2013-06-11 21:13 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll

2013-06-11 21:13 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-11 21:13 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-06-11 21:12 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-11 21:12 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-11 21:12 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-25 06:24 . 2012-05-12 23:10 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-06-25 06:24 . 2011-11-05 20:14 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-13 07:39 . 2012-11-11 06:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-13 07:39 . 2012-11-11 06:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-12 01:43 . 2013-05-15 08:23 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-05-28 07:58 . 2013-04-11 01:15 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2013-05-28 07:58 . 2013-05-28 07:46 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr

2013-05-28 07:58 . 2013-04-11 01:15 282104 ----a-w- c:\windows\system32\PnkBstrB.exe

2013-05-28 07:42 . 2013-04-11 01:15 138056 ----a-w- c:\users\josh\AppData\Roaming\PnkBstrK.sys

2013-05-28 07:41 . 2013-04-11 01:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2013-05-22 12:15 . 2013-05-22 12:16 18584 ----a-w- c:\windows\system32\drivers\evolve.sys

2013-05-13 10:53 . 2009-08-18 01:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 15:28 . 2009-10-31 05:22 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-15 14:20 . 2013-05-15 00:13 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-13 10:56 . 2013-05-15 00:13 37376 ----a-w- c:\windows\system32\cdd.dll

2012-07-31 23:29 . 2011-12-25 07:52 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]

2013-06-03 08:17 373904 ----a-w- c:\program files\BreakingNews\ScriptHost.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Steam"="c:\program files\Steam\steam2\steam.exe" [2013-07-10 1672616]

"Desura"="c:\program files\Desura\desura.exe" [2012-11-24 2529096]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Dxtory Update Checker 2.0"="c:\program files\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]

"EvolveClient"="c:\program files\Echobit\Evolve\EvolveClient.exe" [2013-07-04 2708440]

"BreakingNews"="c:\program files\BreakingNews\BreakingNews\DesktopContainer.exe" [2013-06-26 572048]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-20 19875432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 3810304]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-08-23 1890304]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]

.

c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

c:\users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-07-01 15:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - Partizan

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-18 21:23 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2011-06-18 21:02 114176 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 13:05]

.

2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000Core.job

- c:\users\Williams\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 23:55]

.

2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000UA.job

- c:\users\Williams\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 23:55]

.

2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 01:05]

.

2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 01:05]

.

2013-07-09 c:\windows\Tasks\Norton Security Scan for Williams.job

- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-14 16:30]

.

2013-07-10 c:\windows\Tasks\TopArcadeHits.job

- c:\users\josh\AppData\Local\TopArcadeHits\updater.exe [2013-07-02 09:34]

.

.

------- Supplementary Scan -------

.




IE: {{45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2} -

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

FF - ProfilePath - c:\users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\

FF - prefs.js: browser.startup.homepage - 

FF - ExtSQL: 2013-05-17 18:16; {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

FF - ExtSQL: 2013-06-30 10:51; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn

FF - ExtSQL: 2013-07-01 08:23; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe

HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe

HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe

SafeBoot-64454901.sys

SafeBoot-81080568.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-BattlEye for A2 - c:\program files\Steam\steam2\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-FarmingSimulator2013DemoEN_is1 - c:\program files\Farming Simulator 2013 Demo\unins000.exe

AddRemove-Fraps - c:\fraps\uninstall.exe

AddRemove-Picasa 3 - c:\users\josh\Desktop\Picasa3\Uninstall.exe

AddRemove-Steam App 42690 - c:\program files\Steam\steam.exe

AddRemove-Steam App 42910 - c:\program files\Steam\steam.exe

AddRemove-Xfire - c:\users\josh\Desktop\Xfire\uninst.exe

AddRemove-Zoom Downloader - c:\program files\Zoom Downloader\uninstall.exe

AddRemove-{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1 - c:\program files\MotioninJoy\unins000.exe

AddRemove-{cb6d194b-149b-4e28-9b6b-fd0bdaa2aa7c}_is1 - c:\program files\DownTangoLauncherToolbar\unins001.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-07-10 17:09

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

.

c:\users\josh\AppData\Roaming\Microsoft\Windows\Cookies\1UK7P2IU.txt

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\atiesrxx.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\windows\system32\atieclxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\FreeWordHelper\FreeWordHelperUpdt.exe

c:\program files\LogMeIn Hamachi\hamachi-2.exe

c:\windows\system32\PnkBstrB.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Common Files\Steam\SteamService.exe

c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnscfg.exe

.

**************************************************************************

.

Completion time: 2013-07-10  17:18:22 - machine was rebooted

ComboFix-quarantined-files.txt  2013-07-10 07:18

.

Pre-Run: 74,509,103,104 bytes free

Post-Run: 75,847,147,520 bytes free

.

- - End Of File - - 9FD560F6DC658FD0EDA919125AD5FC45

5C616939100B85E558DA92B899A0FC36


Please uninstall this application: TopArcadeHits and next:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


I turned my PC on and a message came up saying "The recycle bin on C:\ is corrupted. Do you want to empty bin for this drive?" I clicked yes and one file couldn't be deleted, called Antimalwere, and I did a scan on it with Malwarebytes and this is the log. I'm not sure how to get rid of it.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.07.10.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
josh :: WILLIAMS-PC [administrator]
 
Protection: Enabled
 
10/07/2013 7:48:36 PM
mbam-log-2013-07-10 (19-48-36).txt
 
Scan type: Custom scan (C:\Users\josh\Desktop\Recycle Bin - Shortcut.lnk|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


Please uninstall this application: BreakingNews, reboot and let me know.

C:\found.001\dir0000.chk\wajam_adknowledge[1].exe Win32/Wajam.A application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\Extension32.dll a variant of Win32/Toolbar.Perion.A application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\ExtensionUpdaterService.exe a variant of Win32/Toolbar.Perion.C application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\InstallerHelper.dll a variant of Win32/Toolbar.Perion.B application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\source.crx Win32/Toolbar.Perion.D application deleted - quarantined

C:\Program Files\~Web Assistant\Firefox\chrome\content\main.js Win32/Toolbar.Perion.D application cleaned by deleting - quarantined

C:\Users\josh\Desktop\cbsidlm-tr1_13-UnHackMe-ORG-68786.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

C:\Users\josh\Desktop\Minecraft Launcher by AnjoCaido.exe a variant of Win32/4Shared.D application cleaned by deleting - quarantined

C:\Users\josh\Desktop\my stuff\stuff stuff stuff\MY STUFF\PROGRAMS\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\josh\Downloads\bs_ScreenFlow.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\josh\Downloads\Download.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\josh\Downloads\Hack-Dayz (1).exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\Hack-Dayz (2).exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\Hack-Dayz.exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\installer_gta-sanandreas_English.exe a variant of Win32/Vittalia.E application cleaned by deleting - quarantined

C:\Users\josh\Downloads\SoftonicDownloader_for_farming-simulator-2013.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\josh\Downloads\TIMMUR-HAX-Updated 1.7.4.4 be 1.185.exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\xfire_installer_46071.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\josh\Downloads\Terraria\Terraria.v1.0.4.cracked-THETA.rar a variant of Win32/HackTool.Crack.B application deleted - quarantined

C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1\background.html JS/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1\yl.js JS/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\Users\Williams\Desktop\CheatEngine62.exe multiple threats cleaned by deleting - quarantined

C:\Users\Williams\Desktop\SoftonicDownloader_for_slender.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined

C:\Users\Williams\Desktop\computer stuff\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe multiple threats cleaned by deleting - quarantined

C:\Users\Williams\Desktop\minecraft server al3\softonic_ggl_1.6.4.3.exe Win32/Toolbar.Funmoods application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\ac3filter_app_1200.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\BandooV5.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\dexpot_161_r2121.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\DownloadSetup.exe Win32/InstallMate.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\FastDownload.exe Win32/InstallMate.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\installer_7-zip.exe multiple threats cleaned by deleting - quarantined

C:\Users\Williams\Downloads\Installer_Regwork.exe a variant of Win32/Adware.RegRevive application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\jenkatarcade.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\PCHealthDoc_Unzip.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SoftonicDownloader_for_call-of-duty-4.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SoftonicDownloader_for_steam.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SweetImSetup (1).exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SweetImSetup (2).exe a variant of Win32/SweetIM.C application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined

C:\Windows\Installer\512167a.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

C:\Windows\Installer\89ad046.msi a variant of Win32/Toolbar.Linkury.A application deleted - quarantined


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL logfile created on: 11/07/2013 8:22:18 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\josh\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

 

3.25 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 57.23% Memory free

6.72 Gb Paging File | 4.52 Gb Available in Paging File | 67.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 581.11 Gb Total Space | 76.94 Gb Free Space | 13.24% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 9.74 Gb Free Space | 64.91% Space Free | Partition Type: NTFS

 

Computer Name: WILLIAMS-PC | User Name: josh | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/07/11 19:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe

PRC - [2013/07/10 11:56:22 | 000,559,016 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2013/07/10 11:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam2\Steam.exe

PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2013/05/28 23:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe

PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/03/05 17:47:14 | 007,330,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgmfapx.exe

PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2013/01/27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe

PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe

PRC - [2012/11/17 06:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012/11/17 06:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe

PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe

PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe

PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe

PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe

PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe

PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

PRC - [2011/12/16 16:51:54 | 001,778,176 | ---- | M] () -- C:\Program Files\FreeWordHelper\FreeWordHelperUpdt.exe

PRC - [2010/09/03 16:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe

PRC - [2009/08/24 08:43:18 | 001,890,304 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe

PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/09 18:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/01/30 02:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/01/13 20:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2008/01/21 12:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe

PRC - [2008/01/21 12:23:43 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/07/10 11:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\chromehtml.dll

MOD - [2013/07/10 07:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\libcef.dll

MOD - [2013/07/02 02:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files\Steam\steam2\SDL2.dll

MOD - [2013/06/15 09:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\avcodec-53.dll

MOD - [2013/06/15 09:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\avformat-53.dll

MOD - [2013/06/15 09:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\avutil-51.dll

MOD - [2013/05/17 07:53:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll

MOD - [2013/05/17 07:49:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll

MOD - [2013/05/17 07:49:21 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll

MOD - [2013/05/17 07:49:03 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll

MOD - [2013/05/17 07:48:40 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll

MOD - [2013/02/16 16:33:59 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll

MOD - [2013/02/16 16:33:49 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d186bf251ae14af93b3a943d472ee9f5\System.Web.Services.ni.dll

MOD - [2013/01/11 02:39:53 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll

MOD - [2013/01/11 02:37:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll

MOD - [2013/01/11 02:37:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll

MOD - [2013/01/11 02:37:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll

MOD - [2013/01/11 02:36:52 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll

MOD - [2013/01/11 02:35:36 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll

MOD - [2013/01/11 02:35:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll

MOD - [2012/11/17 05:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll

MOD - [2012/11/16 15:09:18 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/07/02 01:50:31 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:31 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:31 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:30 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:30 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2009/07/02 01:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2009/07/02 01:50:28 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2009/07/02 01:50:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2009/07/02 01:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2009/07/02 01:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2009/07/02 01:50:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2009/07/02 01:50:28 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2009/07/02 01:50:28 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2009/07/02 01:50:27 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2009/07/02 01:50:27 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2009/07/02 01:50:27 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2009/07/02 01:50:27 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2009/07/02 01:50:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll

MOD - [2009/07/02 01:50:27 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2009/07/02 01:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll

MOD - [2009/07/02 01:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2009/07/02 01:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2009/07/02 01:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2009/07/02 01:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2009/06/28 00:29:34 | 000,439,296 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll

MOD - [2009/04/09 18:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/04/09 18:29:00 | 000,263,920 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll

MOD - [2009/04/09 18:29:00 | 000,132,336 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/04/09 18:29:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll

MOD - [2009/04/09 18:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll

MOD - [2009/04/09 18:29:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll

MOD - [2009/01/19 19:41:52 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/07/10 11:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/07/05 09:44:46 | 001,495,512 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)

SRV - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/05/28 23:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)

SRV - [2012/11/24 11:18:02 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files\Common Files\Desura\desura_service.exe -- (Desura Install Service)

SRV - [2012/11/17 06:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/08/01 09:29:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/12/16 16:51:54 | 001,778,176 | ---- | M] () [Auto | Running] -- C:\Program Files\FreeWordHelper\FreeWordHelperUpdt.exe -- (FreeWordHelper)

SRV - [2010/09/03 16:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/07/02 01:54:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/01/30 02:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2009/01/13 20:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)

SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys -- (X6XSEx_Pr143)

DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kkhlafex.sys -- (kkhlafex)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/07/11 15:27:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68AECD3A-7458-4361-B541-A3A96671453F}\MpKsl5a67bc44.sys -- (MpKsl5a67bc44)

DRV - [2013/06/29 15:27:11 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV - [2013/05/22 22:15:28 | 000,018,584 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\evolve.sys -- (EvolveVirtualAdapter)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/11/17 07:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2012/11/17 07:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2012/11/17 07:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012/11/17 05:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)

DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)

DRV - [2012/02/23 22:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)

DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2009/08/29 12:51:51 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)

DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/01/19 19:40:58 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2009/01/13 22:39:40 | 000,138,240 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/11/05 09:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})

DRV - [2008/04/03 22:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2008/01/21 12:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)

 

 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{52AC9703-45DB-48CB-A233-DFB87D488AF3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{54C213C6-A9BA-4FA8-8613-A96262987179}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{65478155-B43B-4152-9DB2-D9029124ED8C}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{A085142A-1794-4EBD-991E-894EEC4E13B8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{EED74EFB-6793-4D8C-867D-875B47980146}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: 

FF - prefs.js..browser.search.defaultenginename: "Google" 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\josh\Desktop\Picasa3\npPicasa3.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@news.net/npapi: C:\Program Files\BreakingNews\npapi.dll (news.net)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\josh\AppData\Local\Roblox\Versions\version-bac2ef28b67142d0\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/01 19:23:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/07 09:22:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/07 09:22:58 | 000,000,000 | ---D | M]

 

[2013/07/02 19:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions

[2013/07/10 20:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\Extensions

[2013/07/02 19:40:14 | 000,000,000 | ---D | M] (news.net) -- C:\Users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\Extensions\news@news.net

[2013/07/03 16:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/06/15 11:33:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/09/18 19:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/05/17 18:16:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

[2013/06/15 11:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013/06/15 11:33:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/08/01 09:29:16 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/07 23:57:20 | 000,075,776 | ---- | M] (Free Word Help) -- C:\Program Files\mozilla firefox\plugins\npFreeWordHelper.dll

[2012/04/24 17:20:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/04/24 17:20:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2009/04/07 12:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober703666315.gif

[2009/12/18 05:46:46 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober703666315.src

 

========== Chrome  ==========

 

CHR - default_search_provider: Mixi.DJ Search (Enabled)

CHR - default_search_provider: search_url = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=669D0000A1F8C1A8&affID=121136&tsp=4931

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll

CHR - plugin: widdit (Enabled) = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah\1.4_0\npwiddit.dll

CHR - plugin: Free Word Help (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npFreeWordHelper.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\josh\AppData\Local\Roblox\Versions\version-470c28140c5148c2\\NPRobloxProxy.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: news.net = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai\1.0.12_0\

 

O1 HOSTS File: ([2013/07/10 17:07:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\BreakingNews\ScriptHost.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)

O3 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [breakingNews] C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe (International News Network Limited)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [Desura] C:\Program Files\Desura\desura.exe (Desura Pty Ltd)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [Dxtory Update Checker 2.0] C:\Program Files\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [EvolveClient] C:\Program Files\Echobit\Evolve\EvolveClient.exe (Echobit LLC)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [steam] C:\Program Files\Steam\steam2\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{478B4304-BA1B-4DBB-BEC8-D3389FCF3CB6}: DhcpNameServer = 10.143.147.147 10.143.147.148

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB062B98-9986-4F2B-9B17-5EC7862F454C}: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/07/11 19:43:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe

[2013/07/10 21:46:23 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\key changer

[2013/07/10 20:39:19 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\AVG2013

[2013/07/10 20:37:16 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\TuneUp Software

[2013/07/10 20:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/07/10 20:35:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2013/07/10 20:33:46 | 000,000,000 | -H-D | C] -- C:\$AVG

[2013/07/10 20:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013/07/10 20:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2013/07/10 20:21:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/07/10 20:21:02 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\MFAData

[2013/07/10 20:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/07/10 20:21:02 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Avg2013

[2013/07/10 20:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013/07/10 20:11:18 | 002,347,384 | ---- | C] (ESET) -- C:\Users\josh\Desktop\esetsmartinstaller_enu.exe

[2013/07/10 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\New Folder (5)

[2013/07/10 17:24:24 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/07/10 17:24:23 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\temp

[2013/07/10 16:39:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/07/09 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Quest3D

[2013/07/09 16:58:15 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\ShipSimExtremesDemo Userdata

[2013/07/09 16:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2013/07/08 18:41:56 | 000,643,592 | ---- | C] (Unity Technologies ApS) -- C:\Users\josh\Desktop\UnityWebPlayer.exe

[2013/07/08 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Unity

[2013/07/07 11:35:07 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\tdsskiller (1).exe

[2013/07/07 11:12:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/07/07 11:11:19 | 000,000,000 | ---D | C] -- C:\JRT

[2013/07/07 11:11:10 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\josh\Desktop\JRT.exe

[2013/07/07 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Uniblue

[2013/07/05 09:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2013/07/05 09:43:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\josh\Desktop\dds.com

[2013/07/04 15:21:58 | 001,492,584 | ---- | C] (Skype Technologies S.A.) -- C:\Users\josh\Desktop\SkypeSetup (1).exe

[2013/07/04 09:34:38 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\malwerebytes logs

[2013/07/04 07:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2013/07/04 07:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2013/07/04 07:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2013/07/03 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\HPAppData

[2013/07/03 17:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP

[2013/07/03 17:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2013/07/03 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2013/07/03 17:35:08 | 000,000,000 | ---D | C] -- C:\AMD

[2013/07/03 17:23:29 | 000,792,704 | ---- | C] (AMD) -- C:\Users\josh\Desktop\amddriverdownloader.exe

[2013/07/03 16:50:44 | 000,000,000 | ---D | C] -- C:\@RestoreQuarantine

[2013/07/03 13:20:14 | 000,000,000 | ---D | C] -- C:\BackSys

[2013/07/03 08:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun

[2013/07/03 08:24:37 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\RegRun2

[2013/07/03 08:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe

[2013/07/02 19:40:31 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreakingNews

[2013/07/02 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\BreakingNews

[2013/07/02 07:59:58 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\new minecraft

[2013/07/01 22:12:03 | 000,000,000 | ---D | C] -- C:\9a65bd9af90ba97ce36c19

[2013/07/01 22:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/07/01 21:25:32 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Malwarebytes

[2013/07/01 16:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/07/01 16:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/07/01 16:43:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/07/01 16:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/07/01 16:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\1E1A5

[2013/07/01 10:49:30 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Macromedia

[2013/07/01 10:48:36 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Mozilla

[2013/06/29 15:26:06 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\MotioninJoy

[2013/06/29 15:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy

[2013/06/29 15:26:05 | 000,099,400 | ---- | C] (MotioninJoy) -- C:\Windows\System32\drivers\MijXfilt.sys

[2013/06/29 09:40:12 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys

[2013/06/29 09:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD

[2013/06/29 09:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2013/06/26 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\Euro Truck Simulator 2

[2013/06/25 16:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2013/06/25 07:51:17 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\DeadIsland

[2013/06/23 10:31:31 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\New Folder (4)

[2013/06/21 16:48:31 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\StarMade

[2013/06/21 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\Slendytubbies V2 Beta

[2013/06/21 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\.StarMade

[2013/06/18 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\3909 LLC

[2013/06/18 21:38:50 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\papers please

[2013/06/17 22:00:11 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\IsolatedStorage

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/07/11 20:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/11 20:21:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/11 19:59:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/07/11 19:59:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/07/11 19:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe

[2013/07/11 19:00:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000UA.job

[2013/07/11 16:12:00 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Williams.job

[2013/07/11 14:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/11 09:59:59 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000Core.job

[2013/07/10 20:37:16 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/07/10 20:11:39 | 002,347,384 | ---- | M] (ESET) -- C:\Users\josh\Desktop\esetsmartinstaller_enu.exe

[2013/07/10 19:57:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/07/10 19:57:23 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/10 17:07:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/07/10 14:33:48 | 000,000,085 | ---- | M] () -- C:\Users\josh\Desktop\fun stuff.bat

[2013/07/09 16:09:16 | 000,000,222 | ---- | M] () -- C:\Users\josh\Desktop\Ship Simulator Extremes Demo.url

[2013/07/08 18:36:42 | 000,643,592 | ---- | M] (Unity Technologies ApS) -- C:\Users\josh\Desktop\UnityWebPlayer.exe

[2013/07/07 11:31:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\tdsskiller (1).exe

[2013/07/07 11:23:13 | 000,000,193 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/07/07 11:14:04 | 000,650,027 | ---- | M] () -- C:\Users\josh\Desktop\AdwCleaner.exe

[2013/07/07 09:38:16 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\josh\Desktop\JRT.exe

[2013/07/06 15:17:02 | 000,000,221 | ---- | M] () -- C:\Users\josh\Desktop\Killing Floor.url

[2013/07/06 09:19:56 | 000,000,680 | ---- | M] () -- C:\Users\josh\AppData\Local\d3d9caps.dat

[2013/07/05 09:58:27 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2013/07/05 09:41:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\josh\Desktop\dds.com

[2013/07/04 15:20:44 | 001,492,584 | ---- | M] (Skype Technologies S.A.) -- C:\Users\josh\Desktop\SkypeSetup (1).exe

[2013/07/04 07:47:43 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

[2013/07/03 17:21:18 | 000,792,704 | ---- | M] (AMD) -- C:\Users\josh\Desktop\amddriverdownloader.exe

[2013/07/03 13:28:41 | 000,632,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/07/03 13:28:41 | 000,118,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/07/03 08:24:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013/07/03 08:24:42 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt

[2013/07/03 08:24:42 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat

[2013/07/01 22:08:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/07/01 16:43:58 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/07/01 16:25:38 | 000,000,557 | ---- | M] () -- C:\Windows\System32\MyDefrag.debuglog

[2013/06/29 21:01:28 | 011,181,219 | ---- | M] () -- C:\Users\josh\Desktop\ARMA2_OA_Build_105785.zip

[2013/06/29 15:38:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf

[2013/06/29 15:38:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2013/06/29 15:27:11 | 000,099,400 | ---- | M] (MotioninJoy) -- C:\Windows\System32\drivers\MijXfilt.sys

[2013/06/29 15:26:10 | 000,000,937 | ---- | M] () -- C:\Users\josh\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk

[2013/06/29 15:16:24 | 001,964,304 | ---- | M] () -- C:\Users\josh\Desktop\MotioninJoy_050002_x86.zip

[2013/06/29 14:59:33 | 000,000,223 | ---- | M] () -- C:\Users\josh\Desktop\Cry of Fear.url

[2013/06/29 08:44:44 | 000,000,222 | ---- | M] () -- C:\Users\josh\Desktop\Moonbase Alpha.url

[2013/06/25 22:35:17 | 000,000,223 | ---- | M] () -- C:\Users\josh\Desktop\Euro Truck Simulator 2 Demo.url

[2013/06/25 09:04:43 | 003,020,770 | ---- | M] () -- C:\Users\josh\Desktop\TechnicLauncher.exe

[2013/06/24 21:09:25 | 000,000,222 | ---- | M] () -- C:\Users\josh\Desktop\Dead Island.url

[2013/06/23 21:08:39 | 000,000,196 | ---- | M] () -- C:\Users\josh\Desktop\Gunpoint Demo.url

[2013/06/21 16:37:04 | 001,142,586 | ---- | M] () -- C:\Users\josh\Desktop\StarMade-starter.exe

[2013/06/18 17:07:05 | 000,007,380 | ---- | M] () -- C:\Users\josh\Desktop\minecraft- worst server ever.xej

[2013/06/18 17:00:02 | 000,001,284 | ---- | M] () -- C:\Users\josh\Desktop\minecraft-worst server ever.lnk

[2013/06/18 16:54:21 | 005,928,662 | ---- | M] () -- C:\Users\josh\Desktop\iDayzkilla intro.wmv

[2013/06/18 16:54:04 | 000,012,288 | ---- | M] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/06/17 22:26:31 | 146,144,976 | ---- | M] () -- C:\Users\josh\Desktop\ScreenCapture_17-06-2013 10.25.00 PM.xesc

[2013/06/13 16:08:03 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/07/10 20:37:16 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/07/10 14:35:50 | 000,000,085 | ---- | C] () -- C:\Users\josh\Desktop\fun stuff.bat

[2013/07/09 16:09:16 | 000,000,222 | ---- | C] () -- C:\Users\josh\Desktop\Ship Simulator Extremes Demo.url

[2013/07/07 11:18:14 | 000,000,193 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013/07/07 11:16:52 | 000,650,027 | ---- | C] () -- C:\Users\josh\Desktop\AdwCleaner.exe

[2013/07/06 15:17:02 | 000,000,221 | ---- | C] () -- C:\Users\josh\Desktop\Killing Floor.url

[2013/07/03 08:24:42 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat

[2013/07/01 22:07:50 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/07/01 16:43:58 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/29 21:03:10 | 011,181,219 | ---- | C] () -- C:\Users\josh\Desktop\ARMA2_OA_Build_105785.zip

[2013/06/29 15:38:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf

[2013/06/29 15:38:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2013/06/29 15:26:10 | 000,000,937 | ---- | C] () -- C:\Users\josh\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk

[2013/06/29 15:19:11 | 001,964,304 | ---- | C] () -- C:\Users\josh\Desktop\MotioninJoy_050002_x86.zip

[2013/06/29 14:59:33 | 000,000,223 | ---- | C] () -- C:\Users\josh\Desktop\Cry of Fear.url

[2013/06/29 08:44:43 | 000,000,222 | ---- | C] () -- C:\Users\josh\Desktop\Moonbase Alpha.url

[2013/06/25 22:35:16 | 000,000,223 | ---- | C] () -- C:\Users\josh\Desktop\Euro Truck Simulator 2 Demo.url

[2013/06/25 16:31:33 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2013/06/24 21:09:25 | 000,000,222 | ---- | C] () -- C:\Users\josh\Desktop\Dead Island.url

[2013/06/23 21:08:38 | 000,000,196 | ---- | C] () -- C:\Users\josh\Desktop\Gunpoint Demo.url

[2013/06/21 16:39:07 | 001,142,586 | ---- | C] () -- C:\Users\josh\Desktop\StarMade-starter.exe

[2013/06/18 17:07:04 | 000,007,380 | ---- | C] () -- C:\Users\josh\Desktop\minecraft- worst server ever.xej

[2013/06/18 17:00:02 | 000,001,284 | ---- | C] () -- C:\Users\josh\Desktop\minecraft-worst server ever.lnk

[2013/06/18 16:54:08 | 005,928,662 | ---- | C] () -- C:\Users\josh\Desktop\iDayzkilla intro.wmv

[2013/06/17 22:25:01 | 146,144,976 | ---- | C] () -- C:\Users\josh\Desktop\ScreenCapture_17-06-2013 10.25.00 PM.xesc

[2013/06/15 15:41:07 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys

[2013/06/13 16:08:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2013/04/11 11:15:58 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2013/04/11 11:15:57 | 000,138,056 | ---- | C] () -- C:\Users\josh\AppData\Roaming\PnkBstrK.sys

[2013/04/11 11:15:46 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2013/04/11 11:15:42 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2013/04/11 11:15:40 | 002,793,768 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2013/01/25 15:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\System32\xfcodec.dll

[2013/01/07 10:31:38 | 000,000,552 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d8caps.dat

[2012/11/17 05:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2012/11/16 16:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2012/11/13 16:25:00 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2012/09/30 12:32:53 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe

[2012/09/08 18:48:16 | 000,000,680 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d9caps.dat

[2012/09/08 09:09:52 | 001,145,382 | ---- | C] () -- C:\Users\josh\AppData\Local\Tempmusic.ogg

[2012/09/03 16:43:51 | 000,012,288 | ---- | C] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/20 08:14:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012/03/07 03:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/09/13 08:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2010/05/30 15:01:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 

========== ZeroAccess Check ==========

 

[2006/11/02 22:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 03:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 16:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 16:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/07/11 16:35:03 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.minecraft

[2013/06/21 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.StarMade

[2013/06/30 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.technic

[2013/04/25 15:49:40 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.techniclauncher

[2013/06/18 21:43:54 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\3909 LLC

[2013/01/20 08:07:16 | 000,000,000 | -H-D | M] -- C:\Users\josh\AppData\Roaming\669DCF4F

[2013/07/10 20:39:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\AVG2013

[2013/06/04 17:32:50 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Fox Dgital Copy

[2013/04/30 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\ftblauncher

[2012/12/13 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Java

[2013/06/05 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\LolClient

[2013/06/29 15:26:06 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\MotioninJoy

[2012/10/15 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Notepad++

[2012/12/10 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Play withSIX

[2013/07/09 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Quest3D

[2013/06/04 17:54:13 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Riot Games

[2012/09/17 20:13:45 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\six-zsync

[2013/05/20 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\SplitMediaLabs

[2012/12/25 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Stellarium

[2013/03/12 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\TechSmith

[2013/07/10 20:37:16 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\TuneUp Software

[2013/07/07 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Uniblue

[2013/07/07 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\uTorrent

[2010/05/19 08:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Canon

[2011/08/06 08:00:28 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\go

[2011/11/23 12:52:59 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\MusicNet

[2011/04/03 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\NetMeter

[2011/11/22 14:09:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Template

[2013/07/02 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\.minecraft

[2012/06/14 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\.spoutcraft

[2013/07/05 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\.techniclauncher

[2011/05/01 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Amazon

[2009/07/22 07:57:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Canon

[2012/05/27 09:15:31 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/08/28 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Dexpot

[2013/07/08 16:00:57 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\go

[2013/07/05 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\logs

[2013/06/06 20:04:34 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\LolClient

[2013/01/16 10:03:26 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Media Get LLC

[2011/11/09 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\MusicNet

[2012/01/30 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\NetMeter

[2012/11/27 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Notepad++

[2013/01/09 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\skyz

[2012/07/08 09:24:17 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\SPORE

[2009/07/12 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Template

[2012/03/03 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Uniblue

[2013/06/15 10:59:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\uTorrent

[2009/07/12 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Windows Live Writer

[2011/11/05 12:42:23 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\WinZip

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6D4F7F2B

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

 

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    CHR - default_search_provider: Mixi.DJ Search (Enabled)

    CHR - default_search_provider: search_url = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=669D0000A1F8C1A8&affID=121136&tsp=4931

    CHR - plugin: widdit (Enabled) = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah\1.4_0\npwiddit.dll

    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [breakingNews] C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe (International News Network Limited)

    O2 - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\BreakingNews\ScriptHost.dll ()

    FF - HKLM\Software\MozillaPlugins\@news.net/npapi: C:\Program Files\BreakingNews\npapi.dll (news.net)

    [2013/07/02 19:40:14 | 000,000,000 | ---D | M] (news.net) -- C:\Users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\Extensions\news@news.net

    CHR - Extension: news.net = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai\1.0.12_0\

    [2013/07/02 19:40:31 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreakingNews

    [2013/07/02 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\BreakingNews

    [2013/07/07 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\uTorrent

    [2013/06/15 10:59:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\uTorrent

    :files

    C:\Program Files\BreakingNews

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


I still have the message coming up saying my recycle bin is corrupt, and I went in and I found 2 folders in it saying the same thing: S-1-5-21-3287801049-2637330249-1735968051-1002. I can't get rid of any of them.


I keep getting network errors on the computer. What happens is I restart my computer and the internet is fine, and then after a while it just stops. I'm not sure why.

This topic is now closed to further replies.
