Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Hotmail hijack/trojan or something... [Solved]

Started by Chris G Kelly , Apr 18 2012 12:01 PM

  • This topic is locked This topic is locked

#1
Chris G Kelly
Posted 18 April 2012 - 12:01 PM

Chris G Kelly

    New Member

  • Member
  • Pip
  • 2 posts
Hi all

I may have a virus/malware that is sending spam to people on my hotmail contact list. Any chance of someone looking at my OT log? Thank you! :thumbsup:

I have included here the old timer log:

OTL logfile created on: 18/04/2012 18:51:39 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.87 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 53.52% Memory free
17.61 Gb Paging File | 14.34 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): c:\pagefile.sys 11000 11000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 348.45 Gb Total Space | 171.98 Gb Free Space | 49.36% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.76 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
Drive E: | 2.10 Gb Total Space | 2.06 Gb Free Space | 98.09% Space Free | Partition Type: NTFS
Drive F: | 100.22 Gb Total Space | 11.37 Gb Free Space | 11.35% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/18 18:51:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2012/04/18 15:41:47 | 000,170,152 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
PRC - [2012/04/13 09:28:38 | 002,076,672 | ---- | M] (www.ispyconnect.com) -- C:\Program Files (x86)\iSpy\iSpy\iSpy.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/19 17:26:53 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2012/03/18 09:21:26 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/14 05:48:58 | 003,051,619 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
PRC - [2012/02/23 05:03:53 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/02/17 17:03:23 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/06 08:52:46 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/02/02 16:16:56 | 002,671,936 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/01/23 15:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/17 06:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
PRC - [2012/01/16 23:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccsvchst.exe
PRC - [2012/01/06 18:22:48 | 000,541,512 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012/01/06 18:22:46 | 000,267,080 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012/01/06 18:22:44 | 000,631,624 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/16 20:22:56 | 020,569,352 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
PRC - [2011/12/16 20:15:06 | 005,881,968 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/12/16 20:14:16 | 000,403,104 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/12/16 20:13:36 | 001,484,200 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
PRC - [2011/12/16 20:13:26 | 005,954,296 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/12/16 20:00:14 | 012,574,624 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/31 15:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2011/10/27 12:17:20 | 001,927,120 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2011/04/15 10:48:40 | 000,562,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/04/15 07:04:04 | 000,390,656 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe
PRC - [2011/01/25 19:36:38 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/06/16 22:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/05/15 11:37:00 | 000,206,128 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
PRC - [2007/07/23 16:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2007/02/01 12:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/18 15:41:47 | 000,170,152 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
MOD - [2012/04/18 02:56:22 | 000,024,701 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\93e7e3d6030f426844228042348210cf\Service.dll
MOD - [2012/04/18 02:56:21 | 000,184,414 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2012/04/18 02:56:18 | 000,053,340 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2012/04/18 02:56:17 | 000,094,334 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2012/04/18 02:56:15 | 000,061,540 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2012/04/18 02:56:15 | 000,024,676 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2012/04/18 02:56:13 | 000,082,033 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2012/04/18 02:56:12 | 000,020,590 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2012/04/18 02:56:10 | 000,036,964 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2012/04/18 02:56:07 | 000,020,576 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2012/04/18 02:56:04 | 000,082,048 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2012/04/18 02:55:57 | 000,118,918 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2012/04/18 02:55:53 | 000,020,601 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2012/04/18 02:55:50 | 000,028,779 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2012/04/18 02:55:49 | 000,024,701 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2012/04/18 02:55:45 | 000,032,878 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2012/04/18 02:55:43 | 000,024,679 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2012/04/18 02:55:42 | 000,028,774 | R--- | M] () -- C:\Users\Chris\AppData\Local\Temp\pdk-Chris-5848\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2012/04/14 17:01:38 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/13 09:28:44 | 000,296,960 | ---- | M] () -- C:\Program Files (x86)\iSpy\iSpy\swscale-2.dll
MOD - [2012/04/13 09:28:42 | 002,462,208 | ---- | M] () -- C:\Program Files (x86)\iSpy\iSpy\avformat-53.dll
MOD - [2012/04/13 09:28:42 | 000,079,872 | ---- | M] () -- C:\Program Files (x86)\iSpy\iSpy\AForge.Video.FFMPEG.dll
MOD - [2012/04/13 09:28:38 | 013,496,832 | ---- | M] () -- C:\Program Files (x86)\iSpy\iSpy\avcodec-53.dll
MOD - [2012/04/13 09:28:38 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\iSpy\iSpy\avutil-51.dll
MOD - [2012/04/11 14:34:52 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\39cf4f0f0e6adca3403df6c641a73e15\IAStorUtil.ni.dll
MOD - [2012/04/11 14:25:41 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 14:25:35 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/11 14:01:19 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll
MOD - [2012/04/11 14:01:09 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll
MOD - [2012/04/11 14:01:05 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll
MOD - [2012/04/11 14:01:00 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll
MOD - [2012/04/11 14:00:57 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll
MOD - [2012/04/08 09:23:23 | 000,115,137 | ---- | M] () -- C:\Users\Chris\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/18 09:21:26 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/04 17:16:18 | 001,885,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\f0629c2175067956f0a202f37541a2c5\System.Web.Services.ni.dll
MOD - [2012/03/04 17:15:56 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012/03/04 17:14:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012/03/04 17:14:47 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012/03/04 16:05:04 | 006,841,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4011f5950280c16001b643ee940036aa\System.Data.ni.dll
MOD - [2012/03/04 16:04:58 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/03/04 16:04:52 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f7bbdea460b86c08496e471d808bd386\System.Configuration.ni.dll
MOD - [2012/03/04 16:04:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/03/04 16:04:48 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012/03/04 16:04:45 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/03/04 16:04:40 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012/02/15 17:18:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 17:17:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 17:17:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 17:17:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 17:17:34 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/06 16:34:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2012/02/06 15:18:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/12/16 20:13:06 | 013,903,176 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011/12/16 15:02:14 | 000,435,552 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/28 14:02:24 | 007,947,616 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\QtGui4.dll
MOD - [2011/09/28 14:02:16 | 002,299,232 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\QtCore4.dll
MOD - [2011/09/28 14:02:10 | 000,243,040 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\qmng4.dll
MOD - [2011/08/31 16:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 16:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/17 21:38:58 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/22 17:45:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2010/06/16 22:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/07 09:16:52 | 004,660,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/14 17:01:38 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/11 22:56:23 | 000,387,712 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/06 15:07:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/02/06 15:06:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/02/06 08:52:46 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/02/06 06:47:48 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/17 06:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
SRV - [2012/01/16 23:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/01/06 18:22:48 | 000,541,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012/01/06 18:22:46 | 000,267,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/16 20:15:06 | 005,881,968 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/12/16 20:14:34 | 001,124,104 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/10/31 15:53:44 | 000,251,760 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2011/04/15 10:48:40 | 000,562,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/23 07:23:26 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 13:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/02/11 11:35:03 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/06 15:40:00 | 000,641,920 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw10bda.sys -- (hcw10bda)
DRV:64bit: - [2012/02/06 15:40:00 | 000,046,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcw10cir.sys -- (hcw10cir)
DRV:64bit: - [2012/02/06 08:52:47 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/02/06 08:52:45 | 001,285,216 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/02/06 08:52:45 | 000,986,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/02/06 08:52:44 | 000,211,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/02/06 08:52:43 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV:64bit: - [2012/02/06 08:52:41 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/02/06 08:52:40 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/17 23:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/01/17 23:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/01/17 23:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/01/17 23:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/01/17 23:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/01/10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/11/29 23:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/11/29 16:44:30 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0201020.00D\ccsetx64.sys -- (ccSet_MCLIENT)
DRV:64bit: - [2011/11/24 03:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/09/13 15:45:06 | 001,588,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2011/08/16 07:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/08/08 19:13:12 | 000,198,480 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/05/24 12:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2012/04/18 11:38:45 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120417.032\ex64.sys -- (NAVEX15)
DRV - [2012/04/18 11:38:45 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120417.032\eng64.sys -- (NAVENG)
DRV - [2012/04/12 09:50:43 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/03 00:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/04/01 06:47:45 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/03/06 17:04:10 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120417.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/05/31 13:38:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/02/06 05:45:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2010/01/29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/uk/
IE - HKCU\..\SearchScopes,DefaultScope = {C1A6A558-C7A2-4755-80F7-991655254A3B}
IE - HKCU\..\SearchScopes\{21D6D773-236E-41D6-A501-6B1A0DD107AB}: "URL" = http://www.dogpile.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...l&geo=GB&ver=19
IE - HKCU\..\SearchScopes\{C1A6A558-C7A2-4755-80F7-991655254A3B}: "URL" = https://startpage.co...uage=english_uk
IE - HKCU\..\SearchScopes\{EC9E3F05-4AB7-46D9-9259-D5F04F6DEC51}: "URL" = https://ixquick.com/...uage=english_uk
IE - HKCU\..\SearchScopes\{EF4A180D-D6D8-4713-A94E-06A5C89F8F8A}: "URL" = http://www.dogpile.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Privatelee HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://startpage.com/uk/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012/02/06 12:19:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012/04/18 02:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/02/17 17:03:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/19 17:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/29 04:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/11 05:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/04/18 18:18:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\extensions
[2012/03/08 19:15:48 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/04/18 18:18:44 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2012/03/14 18:54:12 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\extensions\[email protected]
[2012/02/12 08:36:41 | 000,002,134 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\searchplugins\ask-jeeves.xml
[2012/02/12 08:29:00 | 000,002,052 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\searchplugins\dogpile-uk.xml
[2012/03/01 07:44:38 | 000,002,064 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\searchplugins\privatelee-https.xml
[2012/02/16 06:40:06 | 000,002,472 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\searchplugins\safesearch.xml
[2012/04/16 11:05:19 | 000,005,485 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\eibjwxnu.default\searchplugins\startpage-https---uk.xml
[2012/04/07 15:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/07 15:50:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/18 02:55:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\COFFPLGN
[2012/02/06 12:19:13 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPLGN
[2012/03/19 17:27:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EIBJWXNU.DEFAULT\EXTENSIONS\[email protected]
[2012/03/18 09:21:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/08 18:50:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 18:50:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/08 18:50:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/08 18:50:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/11 05:16:16 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 statse.webtrendslive.com
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [iSpy] C:\Program Files (x86)\iSpy\iSpy\iSpy.exe (www.ispyconnect.com)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twonky 7.0.lnk = C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6ED6BDF3-0113-4A16-9026-6B845233B8C4} https://media.blinkb...x.Licensing.cab (ComplianceChecker Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC97B91A-ACDB-4873-AD39-434F914E29A3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{0087c344-5084-11e1-9a41-806e6f6e6963}\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 18:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/18 18:27:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/18 16:20:58 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/04/18 15:42:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Visan
[2012/04/18 15:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/04/18 14:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/04/18 14:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2012/04/18 14:59:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\HpUpdate
[2012/04/18 14:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/04/18 14:58:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\HP
[2012/04/18 06:11:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9172D6A9-46EE-44A3-AD9B-60FFB31672D6}
[2012/04/18 06:11:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DFCFBE16-5810-4C74-B2F3-E31D43E3F039}
[2012/04/18 06:10:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/18 03:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCare Data Recovery
[2012/04/18 03:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iCare Data Recovery
[2012/04/18 03:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.5
[2012/04/18 03:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerDataRecovery
[2012/04/17 05:20:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
[2012/04/17 05:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskInternals
[2012/04/17 05:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskInternals
[2012/04/17 04:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2
[2012/04/17 04:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scavenger 3.2
[2012/04/17 04:46:23 | 000,000,000 | ---D | C] -- C:\License File Scavenger
[2012/04/17 04:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[2012/04/17 04:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2012/04/16 16:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/04/16 16:55:52 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/04/16 16:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/04/12 11:10:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Auslogics
[2012/04/12 11:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/04/12 11:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/04/12 08:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2012/04/12 08:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foolish IT
[2012/04/12 07:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DTI Data
[2012/04/11 08:54:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DVDFab
[2012/04/08 13:34:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\JonDo
[2012/04/08 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\.grabMyBooks
[2012/04/07 15:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/05 08:39:03 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Documents\_gsdata_
[2012/04/05 06:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012/04/05 06:01:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\DVDFab
[2012/04/05 06:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012/04/05 06:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2012/04/01 08:30:49 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/04/01 06:25:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mobile Action
[2012/04/01 06:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Action
[2012/04/01 06:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Sync Manager WiFi
[2012/04/01 06:24:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\CompanionLink
[2012/04/01 06:14:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\gSyncit
[2012/04/01 05:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/04/01 05:51:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Android-Sync
[2012/03/29 04:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 04:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/29 04:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/29 04:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/03/29 04:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/03/29 04:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/29 04:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/28 18:43:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{57FE9053-D434-4299-A8FC-8BB704955493}
[2012/03/28 16:20:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ZenPoint
[2012/03/28 15:57:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{DA9F2281-E0B3-429D-9575-E89FDB928AE6}
[2012/03/28 15:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech Media Server
[2012/03/27 04:20:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FD10C716-27A9-4C6F-8481-EA4DE3EB447C}
[2012/03/25 13:53:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/25 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1151A984-4888-4992-B17F-39207CB2719B}
[2012/03/25 13:27:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\Tracing
[2012/03/25 13:23:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/03/25 13:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/03/25 13:18:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Windows Live
[2012/03/25 13:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZenPoint
[2012/03/25 13:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZenPoint
[2012/03/25 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/03/25 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/25 12:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/03/25 12:02:33 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/03/25 09:31:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\MediaMonkey
[2012/03/25 09:31:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\MediaMonkey
[2012/03/25 09:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2012/03/25 09:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2012/03/25 09:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2012/03/25 05:58:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free IP Switcher
[2012/03/25 05:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free IP Switcher
[2012/03/25 05:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free IP Switcher
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/18 18:50:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/04/18 18:27:53 | 000,002,975 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2012/04/18 18:19:40 | 000,002,504 | ---- | M] () -- C:\{E829BBC0-C1E5-4F7E-B36E-46DC1BBE7966}
[2012/04/18 18:15:09 | 000,002,264 | ---- | M] () -- C:\{0F135BBF-DCEE-4CF2-A61E-0598AE835F93}
[2012/04/18 18:01:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 15:41:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 15:41:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 15:41:48 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/04/18 14:59:08 | 001,922,744 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
[2012/04/18 14:59:08 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2012/04/18 14:59:08 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 5510 series.lnk
[2012/04/18 14:59:08 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5510 series.lnk
[2012/04/18 14:58:51 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/04/18 09:00:01 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\GoodSync - USERS FOLDER SYNC.job
[2012/04/18 03:59:22 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\iCare data Recovery Software.lnk
[2012/04/18 03:47:46 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.5.lnk
[2012/04/18 02:54:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 02:54:05 | 1234,522,111 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 02:52:33 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 02:52:33 | 000,630,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 02:52:33 | 000,111,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/17 05:20:51 | 000,001,258 | ---- | M] () -- C:\Users\Chris\Desktop\DiskInternals Research.lnk
[2012/04/17 04:42:33 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\NAS Data Recovery.lnk
[2012/04/17 03:05:38 | 018,705,238 | ---- | M] () -- C:\Users\Chris\Documents\NasNavigator manuel.pdf
[2012/04/16 16:57:16 | 000,058,238 | ---- | M] () -- C:\Users\Chris\Desktop\HP Installation Error - Windows 7.hta
[2012/04/16 15:52:44 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/14 05:37:05 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\iSpy.lnk
[2012/04/12 08:58:40 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\CheckDisk.lnk
[2012/04/12 07:28:21 | 000,001,292 | ---- | M] () -- C:\Users\Chris\Desktop\DTI Surface Scanner.lnk
[2012/04/12 02:16:02 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20120410.034
[2012/04/11 22:56:25 | 000,380,544 | ---- | M] (JRiver, Inc.) -- C:\Windows\SysWow64\MC17.exe
[2012/04/11 22:56:25 | 000,380,544 | ---- | M] (JRiver, Inc.) -- C:\Windows\SysNative\MC17.exe
[2012/04/11 14:35:39 | 000,001,103 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 08:40:38 | 000,001,418 | ---- | M] () -- C:\Users\Chris\Desktop\Download Windows.lnk
[2012/04/05 06:01:18 | 000,001,025 | ---- | M] () -- C:\Users\Chris\Desktop\DVDFab Profile Editor.lnk
[2012/04/05 06:01:18 | 000,001,012 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
[2012/04/05 06:01:18 | 000,000,988 | ---- | M] () -- C:\Users\Chris\Desktop\DVDFab 8 Qt.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 17:12:53 | 000,003,392 | ---- | M] () -- C:\{3E688429-10F3-41F7-BA78-861D19A635D8}
[2012/04/01 18:48:55 | 000,003,392 | ---- | M] () -- C:\{5D061F34-F0BC-4CA8-8CC8-B43ED09C1241}
[2012/04/01 06:46:58 | 000,000,000 | ---- | M] () -- C:\Windows\PanelExe.INI
[2012/04/01 06:46:58 | 000,000,000 | ---- | M] () -- C:\Windows\EngineExe.INI
[2012/04/01 06:25:56 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Android Sync Manager WiFi.lnk
[2012/04/01 05:28:51 | 000,034,454 | ---- | M] () -- C:\Users\Chris\Documents\PRIVATE Calendar.ics
[2012/03/29 16:46:09 | 000,003,392 | ---- | M] () -- C:\{59F72426-5802-49C1-A025-1EB51FF5A6BA}
[2012/03/29 04:54:33 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 04:44:50 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/03/29 04:18:06 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/28 16:18:52 | 000,008,736 | ---- | M] () -- C:\Users\Chris\Documents\license.license
[2012/03/28 15:58:08 | 000,003,392 | ---- | M] () -- C:\{702A46DE-2CB3-434D-AD61-71496D2C8C9F}
[2012/03/28 15:50:31 | 000,001,024 | ---- | M] () -- C:\Users\Chris\Desktop\Logitech Media Server.lnk
[2012/03/28 15:50:30 | 000,001,026 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server Tray Tool.lnk
[2012/03/28 04:24:50 | 000,003,392 | ---- | M] () -- C:\{A895249E-CF83-4B8B-B4DA-E02D83223287}
[2012/03/25 13:04:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Administration.lnk
[2012/03/25 13:04:37 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\DigitalCenter.lnk
[2012/03/25 13:04:00 | 000,008,736 | ---- | M] () -- C:\Users\Chris\Documents\zenpoint digitalcenter license.license
[2012/03/25 12:02:54 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/25 12:02:43 | 000,001,949 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/03/25 11:42:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/03/25 09:31:24 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012/03/25 05:58:26 | 000,000,955 | ---- | M] () -- C:\Users\Chris\Desktop\Free IP Switcher.lnk
[2012/03/24 07:36:15 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\MCLIENTx64\0201020.00D\isolate.ini
[2012/03/24 05:43:13 | 000,002,473 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/23 07:23:26 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/23 07:23:26 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/23 07:23:26 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/22 14:39:53 | 000,013,344 | ---- | M] () -- C:\Users\Chris\Documents\WORK Calendar.ics
[2012/03/22 06:51:48 | 000,003,392 | ---- | M] () -- C:\{6DF03502-7CCE-4943-BB24-0C362A29CAB6}
[2012/03/21 17:13:20 | 000,003,392 | ---- | M] () -- C:\{9B86E049-6B1F-41C5-A382-E0B1AB8767BB}
[2012/03/21 05:50:07 | 000,003,392 | ---- | M] () -- C:\{79BF3088-370E-4AA4-8097-98F533265A68}
[2012/03/20 05:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/18 18:27:53 | 000,002,975 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2012/04/18 18:19:40 | 000,002,504 | ---- | C] () -- C:\{E829BBC0-C1E5-4F7E-B36E-46DC1BBE7966}
[2012/04/18 18:15:09 | 000,002,264 | ---- | C] () -- C:\{0F135BBF-DCEE-4CF2-A61E-0598AE835F93}
[2012/04/18 15:41:50 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/04/18 14:59:25 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/04/18 14:59:08 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2012/04/18 14:59:08 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 5510 series.lnk
[2012/04/18 14:59:08 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5510 series.lnk
[2012/04/18 14:58:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/04/18 03:59:22 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\iCare data Recovery Software.lnk
[2012/04/18 03:47:46 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.5.lnk
[2012/04/17 05:20:51 | 000,001,258 | ---- | C] () -- C:\Users\Chris\Desktop\DiskInternals Research.lnk
[2012/04/17 04:42:33 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\NAS Data Recovery.lnk
[2012/04/17 03:05:38 | 018,705,238 | ---- | C] () -- C:\Users\Chris\Documents\NasNavigator manuel.pdf
[2012/04/16 16:57:16 | 000,058,238 | ---- | C] () -- C:\Users\Chris\Desktop\HP Installation Error - Windows 7.hta
[2012/04/12 08:58:40 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\CheckDisk.lnk
[2012/04/12 07:28:21 | 000,001,292 | ---- | C] () -- C:\Users\Chris\Desktop\DTI Surface Scanner.lnk
[2012/04/11 08:40:38 | 000,001,418 | ---- | C] () -- C:\Users\Chris\Desktop\Download Windows.lnk
[2012/04/05 06:01:18 | 000,001,025 | ---- | C] () -- C:\Users\Chris\Desktop\DVDFab Profile Editor.lnk
[2012/04/05 06:01:18 | 000,001,012 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
[2012/04/05 06:01:18 | 000,000,988 | ---- | C] () -- C:\Users\Chris\Desktop\DVDFab 8 Qt.lnk
[2012/04/03 17:12:53 | 000,003,392 | ---- | C] () -- C:\{3E688429-10F3-41F7-BA78-861D19A635D8}
[2012/04/01 18:48:55 | 000,003,392 | ---- | C] () -- C:\{5D061F34-F0BC-4CA8-8CC8-B43ED09C1241}
[2012/04/01 06:46:58 | 000,000,000 | ---- | C] () -- C:\Windows\PanelExe.INI
[2012/04/01 06:46:58 | 000,000,000 | ---- | C] () -- C:\Windows\EngineExe.INI
[2012/04/01 06:25:56 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Android Sync Manager WiFi.lnk
[2012/03/29 16:46:05 | 000,003,392 | ---- | C] () -- C:\{59F72426-5802-49C1-A025-1EB51FF5A6BA}
[2012/03/29 09:50:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 04:54:33 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/29 04:44:50 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/03/29 04:18:06 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/28 15:58:08 | 000,003,392 | ---- | C] () -- C:\{702A46DE-2CB3-434D-AD61-71496D2C8C9F}
[2012/03/28 04:24:50 | 000,003,392 | ---- | C] () -- C:\{A895249E-CF83-4B8B-B4DA-E02D83223287}
[2012/03/25 13:22:59 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/03/25 13:22:40 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/03/25 13:21:44 | 000,001,430 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/03/25 13:21:10 | 000,002,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/03/25 13:06:00 | 000,008,736 | ---- | C] () -- C:\Users\Chris\Documents\license.license
[2012/03/25 13:04:37 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Administration.lnk
[2012/03/25 13:04:37 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\DigitalCenter.lnk
[2012/03/25 13:04:00 | 000,008,736 | ---- | C] () -- C:\Users\Chris\Documents\zenpoint digitalcenter license.license
[2012/03/25 12:02:54 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/03/25 12:02:43 | 000,001,949 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/03/25 11:42:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/03/25 09:31:24 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012/03/25 05:58:26 | 000,000,955 | ---- | C] () -- C:\Users\Chris\Desktop\Free IP Switcher.lnk
[2012/03/22 14:39:53 | 000,013,344 | ---- | C] () -- C:\Users\Chris\Documents\WORK Calendar.ics
[2012/03/22 06:51:47 | 000,003,392 | ---- | C] () -- C:\{6DF03502-7CCE-4943-BB24-0C362A29CAB6}
[2012/03/21 17:13:20 | 000,003,392 | ---- | C] () -- C:\{9B86E049-6B1F-41C5-A382-E0B1AB8767BB}
[2012/03/21 05:50:06 | 000,003,392 | ---- | C] () -- C:\{79BF3088-370E-4AA4-8097-98F533265A68}
[2012/02/18 04:26:15 | 000,003,921 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis aoTuV Encoder.dat
[2012/02/18 04:25:44 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2012/02/18 04:23:16 | 000,003,627 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Nero AAC Encoder.dat
[2012/02/18 04:22:35 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2012/02/18 04:20:13 | 000,003,181 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Utilities.dat
[2012/02/18 04:19:52 | 000,003,334 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AAC Encoder.dat
[2012/02/18 04:19:07 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2012/02/18 04:17:54 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/02/18 04:17:51 | 000,015,613 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/02/18 04:17:15 | 003,031,784 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/02/18 04:17:15 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2012/02/16 08:27:11 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012/02/11 19:04:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/11 12:52:13 | 000,009,216 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/07 05:12:57 | 000,015,046 | ---- | C] () -- C:\Windows\UN060501.INI
[2012/02/06 19:57:16 | 000,000,076 | ---- | C] () -- C:\Windows\SysWow64\dtirc.dll
[2012/02/06 19:22:19 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/06 19:22:18 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/02/06 19:22:07 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2012/02/06 19:21:56 | 000,005,078 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/02/06 15:40:22 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/06 15:08:49 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/06 15:08:49 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/06 15:08:26 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini
[2012/02/06 13:24:19 | 000,019,521 | ---- | C] () -- C:\Windows\SysWow64\njtfikvz.dll
[2012/01/31 01:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/10 23:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 23:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 23:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/08/25 12:31:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/02/06 09:10:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acronis
[2012/04/12 11:10:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Auslogics
[2012/02/07 06:33:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Babylon
[2012/02/11 08:35:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Boilsoft
[2012/04/01 06:24:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CompanionLink
[2012/04/01 08:49:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Pro
[2012/02/19 09:40:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\dBpoweramp
[2012/04/18 02:56:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2012/04/11 08:54:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDFab
[2012/04/18 02:34:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GoodSync
[2012/04/01 06:19:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gSyncit
[2012/04/18 02:56:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\iSpy
[2012/03/18 12:41:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\J River
[2012/04/08 13:37:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\JonDo
[2012/02/08 06:22:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2012/04/08 17:16:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MediaMonkey
[2012/04/01 06:25:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mobile Action
[2012/02/07 05:13:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NASNaviator2
[2012/02/06 07:08:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OEM
[2012/02/10 18:14:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenDNS Updater
[2012/03/25 12:01:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/04/18 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2012/04/01 08:17:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SystemRequirementsLab
[2012/04/08 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012/04/18 04:24:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TwonkyServer
[2012/04/18 18:55:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2012/04/18 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Visan
[2012/02/06 07:18:54 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Roaming\wyUpdate AU
[2012/03/28 16:20:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ZenPoint
[2012/04/18 09:00:01 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\GoodSync - USERS FOLDER SYNC.job
[2012/04/18 02:28:31 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
CompCav
Posted 20 April 2012 - 02:48 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, Chris G Kelly! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


FIRST

For your hotmail account, go to a known clean computer log on to your hotmail account and change your password to a stronger password that hackers would have trouble guessing.



Now that we have that done let's get on with cleaning your computer:

Since it has been awhile we need an updated OTL plus Extras and aswMBR logs :)


Step 1.

Download OTL to your Desktop
or
If you still have OTL on your desktop go immediately to the following steps:

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Under File Scans File Age: Select 90 days from the drop down box.
  • Select Lop Check and Purity Check
  • Under Extra Registry: Select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt .
  • Post both logs


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
If it does not run rename aswMBR.exe to Iexplore.exe and try it again.

Step 3.

Please post:

OTL.txt
Extras.txt
aswMBR log




Give me any updates on issues with your computer
  • 0

#3
Chris G Kelly
Posted 24 April 2012 - 01:16 AM

Chris G Kelly

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
HI. Thank you. It seems the changing of passwords has eliminated the problem so far. If it starts up again, i will use the other steps. :thumbsup:
  • 0

#4
CompCav
Posted 24 April 2012 - 05:39 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I will hold this topic open for four days so try it out and let me know.

Regards,

CompCav
  • 0

#5
CompCav
Posted 27 April 2012 - 10:10 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP