Sirefef-A, Sirefef-AO, Karagany-HO



#1
clwhit12

I had an issue last night while I was browsing the internet and had a Java prompt come up. I allowed it to run and immediately after Avast started reporting the Sirefef-A, Sirefef-AO, Karagany-HO, Jorik-HJ, Downloader-OOZ.

I ran Malwarebytes and picked up several entries for rootkits and malware. I'm not getting warnings anymore but I'm not satisfied everything is gone. The machine is running slower and my Google searches in Chrome are telling me I am trying to access insecure content. Here is my log for OTL.

Thanks


OTL logfile created on: 5/29/2012 10:07:52 AM - Run 2
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\chris\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 25.63% Memory free
5.50 Gb Paging File | 2.52 Gb Available in Paging File | 45.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.07 Gb Total Space | 281.98 Gb Free Space | 47.31% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/29 09:56:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Downloads\OTL.exe
PRC - [2012/05/29 09:05:34 | 000,011,600 | ---- | M] (Microsoft Corporation) -- C:\Users\chris\My Documents\Visual Studio 2010\Projects\Infinium Quoting 3\Infinium Quoting 3\bin\Debug\Infinium Quoting 3.vshost.exe
PRC - [2012/05/14 19:06:32 | 013,806,080 | ---- | M] (Google Inc.) -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/04/27 17:49:29 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/21 16:57:07 | 000,119,296 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012/03/19 07:38:48 | 002,279,296 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/03/19 07:38:46 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 07:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/20 15:52:58 | 000,245,608 | ---- | M] (Wondershare) -- C:\Program Files\Wondershare\MobileGo\MobileGoService.exe
PRC - [2011/08/28 17:16:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/05/25 02:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/25 02:09:07 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/05/25 02:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/27 09:55:28 | 000,973,824 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/21 17:04:48 | 000,571,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/06 22:24:32 | 001,866,864 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/05/28 10:33:44 | 000,447,952 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/29 07:52:20 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/22 21:56:50 | 000,441,880 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 21:56:49 | 003,922,456 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 21:55:35 | 000,553,496 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 21:55:33 | 000,117,784 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 21:55:24 | 000,134,696 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 21:55:23 | 000,250,408 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 21:55:21 | 002,375,720 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/22 21:06:23 | 008,743,584 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012/05/14 18:55:28 | 000,344,064 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/05/14 18:55:16 | 000,346,624 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/05/14 18:54:16 | 000,364,032 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/05/14 18:54:12 | 000,198,656 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/05/12 14:54:36 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ede3b9144bc31da0eaaf86c7b6a9eaaa\WindowsFormsIntegration.ni.dll
MOD - [2012/05/12 14:54:35 | 000,142,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VSLangProj\c831cbaf715b5bb41a9197215a1009fc\VSLangProj.ni.dll
MOD - [2012/05/12 14:54:34 | 004,075,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VsDebugPresentation#\60d9be38818ee267e365f0bb0f4ee603\VsDebugPresentationPackage.ni.dll
MOD - [2012/05/12 14:52:36 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\7803f4398a527a87d5cace8023e93e8b\System.Data.DataSetExtensions.ni.dll
MOD - [2012/05/12 14:52:21 | 001,060,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Printing\bd371863e99082fa48cd630a73259448\System.Printing.ni.dll
MOD - [2012/05/12 14:52:20 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
MOD - [2012/05/12 14:52:20 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll
MOD - [2012/05/12 14:52:18 | 000,168,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8572cba29dbab554480704b9407be404\PresentationFramework.VisualStudio.Design.ni.dll
MOD - [2012/05/12 14:52:17 | 001,479,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationBuildTa#\96e437d1e82e54e63ed96af50e96d03d\PresentationBuildTasks.ni.dll
MOD - [2012/05/12 14:52:13 | 001,396,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\72f8cbc4e929d41b6d6cf887f3a2f601\Microsoft.Windows.Design.Platform.WPF.ni.dll
MOD - [2012/05/12 14:52:12 | 002,972,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\30cc8e489dbec3b75e7aab6343a0b801\Microsoft.Windows.Design.Platform.ni.dll
MOD - [2012/05/12 14:52:09 | 002,607,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\94fa4bb3b3199ec286153f2f4b6069df\Microsoft.Windows.Design.Markup.ni.dll
MOD - [2012/05/12 14:52:07 | 000,409,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\84a7aa97add340afbb361c35e26536db\Microsoft.Windows.Design.Developer.WPF.ni.dll
MOD - [2012/05/12 14:52:07 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\2f4104dec48189509ae61b35ac6b3da8\Microsoft.Windows.Design.Host.ni.dll
MOD - [2012/05/12 14:52:06 | 003,008,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\19ad78a54ba11079a812e17b51e49483\Microsoft.Windows.Design.Developer.ni.dll
MOD - [2012/05/12 14:52:00 | 010,703,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VSDesigner\f1b86770f09581a72a4c47dd8eec4649\Microsoft.VSDesigner.ni.dll
MOD - [2012/05/12 14:51:54 | 007,321,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\528e05b83a96ea6de5c21f7ab51d9b67\Microsoft.VisualStudio.Xaml.ni.dll
MOD - [2012/05/12 14:51:48 | 000,783,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\52fe76375ec4b542b5bd8df0d76aeb5f\Microsoft.VisualStudio.Web.HTML.Implementation.ni.dll
MOD - [2012/05/12 14:51:47 | 000,348,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\896efa83ae9b825caa6f242392468cfe\Microsoft.VisualStudio.Web.HTML.ni.dll
MOD - [2012/05/12 14:51:46 | 000,113,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\617121e58bd1255369e1ad5eb7335ba6\Microsoft.VisualStudio.Web.CSS.Implementation.ni.dll
MOD - [2012/05/12 14:51:46 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\4d86056db2678d857775968257e87a07\Microsoft.VisualStudio.Web.Exports.ni.dll
MOD - [2012/05/12 14:51:45 | 000,079,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\0598f328dd70f3b18f0b7f1344daebf3\Microsoft.VisualStudio.Web.CSS.ni.dll
MOD - [2012/05/12 14:51:42 | 002,848,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\1f13f3ff77185ba6b39ddda57316d8d7\Microsoft.VisualStudio.Web.ni.dll
MOD - [2012/05/12 14:51:39 | 001,066,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\1f52f41eb2d475631f9f17001dca8353\Microsoft.VisualStudio.VisualBasic.LanguageService.ni.dll
MOD - [2012/05/12 14:51:27 | 000,286,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\c6326c8b9544d6b068d6555955bec656\Microsoft.VisualStudio.Text.UI.Wpf.ni.dll
MOD - [2012/05/12 14:51:26 | 000,410,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a3528059d8c2b7f92fed05bbe43ac535\Microsoft.VisualStudio.Text.UI.ni.dll
MOD - [2012/05/12 14:51:25 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\0560c278ea6ef9ac6f72aed11fe5663a\Microsoft.VisualStudio.Text.Data.ni.dll
MOD - [2012/05/12 14:51:25 | 000,266,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\d65ee797211b2b1203060cb4c1bc23bc\Microsoft.VisualStudio.Text.Logic.ni.dll
MOD - [2012/05/12 14:51:25 | 000,115,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\dea3cbb4057fdd4fa80184041aee8234\Microsoft.VisualStudio.Text.Internal.ni.dll
MOD - [2012/05/12 14:51:09 | 001,310,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\080714703b070f029fb6bb54a92d765b\Microsoft.VisualStudio.Shell.ViewManager.ni.dll
MOD - [2012/05/12 14:51:08 | 001,887,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\716d748a5f9cb098ea590f93fa2d0c4f\Microsoft.VisualStudio.Shell.UI.Internal.ni.dll
MOD - [2012/05/12 14:51:06 | 001,605,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\50165b7a9d4be8e358da29c394560f94\Microsoft.VisualStudio.Shell.StartPage.ni.dll
MOD - [2012/05/12 14:51:05 | 001,469,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\a0694c16d291ce75e4e0c775bd9547df\Microsoft.VisualStudio.Shell.Design.ni.dll
MOD - [2012/05/12 14:51:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\2ea90f4827f7af1870fe71893758c82a\Microsoft.VisualStudio.Shell.Immutable.10.0.ni.dll
MOD - [2012/05/12 14:50:29 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\8d20fdba624654768d115a854e076d5c\Microsoft.VisualStudio.Platform.WindowManagement.ni.dll
MOD - [2012/05/12 14:50:27 | 005,599,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\f7e5dc46d458e36067ec626875b2b63a\Microsoft.VisualStudio.Platform.VSEditor.ni.dll
MOD - [2012/05/12 14:50:22 | 000,051,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\f15d554a19f7a0882a73bc552a4999fa\Microsoft.VisualStudio.Platform.AppDomainManager.ni.dll
MOD - [2012/05/12 14:50:21 | 002,718,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\d7d20eceaf15ce26d325977ed2ab41d3\Microsoft.VisualStudio.Shell.10.0.ni.dll
MOD - [2012/05/12 14:50:10 | 000,028,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\e719bd054f9dbeef2201c7cd5051c94c\Microsoft.VisualStudio.Language.StandardClassification.ni.dll
MOD - [2012/05/12 14:50:08 | 000,197,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\ff2a2da9c306a9335bc6d714b3665570\Microsoft.VisualStudio.Language.Intellisense.ni.dll
MOD - [2012/05/12 14:50:07 | 000,033,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\c71a6537753f036a8fa90c75f8f6cff0\Microsoft.VisualStudio.Language.CallHierarchy.ni.dll
MOD - [2012/05/12 14:50:06 | 000,130,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\c288364e373e83bc7e18596de7c5cd9d\Microsoft.VisualStudio.FileDiscovery.ni.dll
MOD - [2012/05/12 14:50:05 | 001,433,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\17d48a00120d152f8cacc1572ce52428\Microsoft.VisualStudio.ExtensionManager.Implementation.ni.dll
MOD - [2012/05/12 14:50:04 | 000,792,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\40a010229b35b547479e111289b30b47\Microsoft.VisualStudio.ExtensibilityHosting.ni.dll
MOD - [2012/05/12 14:50:04 | 000,087,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\84d97f2cad28a901df1326424509f2a0\Microsoft.VisualStudio.ExtensionManager.ni.dll
MOD - [2012/05/12 14:49:54 | 000,920,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\9d37397657f48107e3b049d0f38dd35a\Microsoft.VisualStudio.Shell.9.0.ni.dll
MOD - [2012/05/12 14:49:44 | 002,673,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\dc2fb0c913eada93e2e0809ea3111bef\Microsoft.VisualStudio.Editor.Implementation.ni.dll
MOD - [2012/05/12 14:49:42 | 000,035,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\4ae5a117a692c487f19550fe43529d0f\Microsoft.VisualStudio.Editor.ni.dll
MOD - [2012/05/12 14:49:41 | 000,702,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\6719a23f7fb0550ce9b54de02b86387a\Microsoft.VisualStudio.Diagnostics.Common.ni.dll
MOD - [2012/05/12 14:49:39 | 001,844,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\c52304a0377c6a8c366a810cbce516ef\Microsoft.VisualStudio.Design.ni.dll
MOD - [2012/05/12 14:49:39 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\cd9c720a731b78e6f6361a1a27485d87\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
MOD - [2012/05/12 14:49:37 | 000,275,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\e23d21902b1243fbcd8630720b51ac28\Microsoft.VisualStudio.CSharp.SmartTags.ni.dll
MOD - [2012/05/12 14:49:36 | 006,968,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\be1613d408ef3ffd0bd576b1180c06b3\Microsoft.VisualStudio.CSharp.Services.Language.ni.dll
MOD - [2012/05/12 14:49:30 | 000,091,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\3574850259acb7a02ac2b5fe9b5f2007\Microsoft.VisualStudio.CoreUtility.ni.dll
MOD - [2012/05/12 14:49:29 | 000,312,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\7a124260a8d802c21d72a6396959daf5\Microsoft.VisualStudio.ComponentModelHost.Implementation.ni.dll
MOD - [2012/05/12 14:49:28 | 001,168,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\2539d21dbc254d839d9ae58d3959fdc9\Microsoft.VisualStudio.CommonIDE.ni.dll
MOD - [2012/05/12 14:49:26 | 000,819,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\b5d759f365ff2b322f2fff851dcf0d75\Microsoft.VisualStudio.ni.dll
MOD - [2012/05/12 14:49:22 | 001,385,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7ba63e988b607ef446e1a314c958e39a\Microsoft.VisualBasic.Editor.ni.dll
MOD - [2012/05/12 14:49:18 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\92694d06b9da1bff8e1722913a1d62bc\Microsoft.VisualBasic.ni.dll
MOD - [2012/05/12 14:47:49 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll
MOD - [2012/05/12 14:47:45 | 004,248,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build\5246fa832baabf6e3706fd537fe19062\Microsoft.Build.ni.dll
MOD - [2012/05/12 14:47:39 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\9a4177f8a4c1587ca2ac8c60042f9e70\Microsoft.VisualStudio.ComponentModelHost.ni.dll
MOD - [2012/05/12 14:47:34 | 001,333,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\a2c8193e131190f1e1f21f9faed920a3\Microsoft.Windows.Design.Interaction.ni.dll
MOD - [2012/05/12 14:47:32 | 000,520,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Windows.D#\b5d879864a05dc46e040d0471eafe4cd\Microsoft.Windows.Design.Extensibility.ni.dll
MOD - [2012/05/12 14:47:14 | 002,014,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Expressio#\3d9b454d3700b66e2d57ea0d94f718f3\Microsoft.Expression.Platform.WPF.ni.dll
MOD - [2012/05/12 14:47:12 | 003,849,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Expressio#\f9161718d956e8d6b3be2ce6a54a5c1e\Microsoft.Expression.DesignModel.ni.dll
MOD - [2012/05/12 14:47:07 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\083b75900e64016a16940a46c668c7a5\Microsoft.VisualStudio.Diagnostics.Measurement.ni.dll
MOD - [2012/05/12 14:46:42 | 000,031,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\73cd171ac02decc24a600078d72fb400\Microsoft.VisualStudio.VSHelp80.ni.dll
MOD - [2012/05/12 14:46:35 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MOD - [2012/05/12 14:46:30 | 002,877,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\ac69ff5ee7791bd60b846598e1e405eb\Microsoft.Build.Tasks.v4.0.ni.dll
MOD - [2012/05/12 14:46:28 | 000,631,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\3ad065635e1e0cd413081be61993cd38\Microsoft.Build.Utilities.v4.0.ni.dll
MOD - [2012/05/12 14:46:25 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/12 14:46:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 14:46:13 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\7a58bd71205e76dddb7b0885f5df4239\Microsoft.VisualStudio.VSHelp.ni.dll
MOD - [2012/05/12 14:46:12 | 000,898,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EnvDTE\5a7cfe4ade7393e1444c64cb149b22cc\EnvDTE.ni.dll
MOD - [2012/05/12 14:46:12 | 000,055,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\stdole\346496646d08a98f3aa3006874fc2b55\stdole.ni.dll
MOD - [2012/05/12 14:45:05 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\71a3a98ff5fb128d3abf6ecc3224ba6b\Microsoft.Build.Framework.ni.dll
MOD - [2012/05/12 14:44:24 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
MOD - [2012/05/12 10:30:26 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 10:30:26 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/12 10:30:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 10:30:05 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 10:29:57 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 10:29:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 10:29:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 10:29:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 10:29:22 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/11 23:10:43 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll
MOD - [2012/05/11 23:10:26 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll
MOD - [2012/05/11 23:10:19 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 23:10:16 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll
MOD - [2012/05/11 23:05:33 | 000,226,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\02fbf9c53252572c65734e4058139abc\System.Drawing.Design.ni.dll
MOD - [2012/05/11 23:05:32 | 011,021,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\5a3f59e0fe83702ffff3925dd6ef8f47\System.Design.ni.dll
MOD - [2012/05/11 23:05:21 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\877ef74350e6d374ca8f80b489a8cc8e\System.ComponentModel.Composition.ni.dll
MOD - [2012/05/11 23:05:11 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/11 23:05:09 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012/05/11 23:04:59 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012/05/11 23:04:58 | 001,616,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\9912b6d76c1017b5af6ef24730f550ca\Microsoft.CSharp.ni.dll
MOD - [2012/05/11 23:04:58 | 000,377,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\a9b1e597aaa263dea2cf8754440bd271\System.Dynamic.ni.dll
MOD - [2012/05/11 23:04:56 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/11 23:04:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/11 23:04:50 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/11 23:04:49 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/11 23:04:43 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/08/27 09:45:30 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/27 09:45:30 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/27 09:45:29 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/02 15:28:04 | 000,904,704 | ---- | M] () -- C:\Program Files\Wondershare\MobileGo\System.Data.SQLite.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/28 10:33:44 | 000,447,952 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/24 20:20:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/04 21:15:08 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/21 16:57:07 | 000,119,296 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/28 01:36:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/28 17:16:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/25 02:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/26 18:54:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/31 08:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/11/20 08:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/09/17 10:14:58 | 000,370,008 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/03 14:56:08 | 000,367,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10_50.HOME\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$HOME) SQL Server Agent (HOME)
SRV - [2010/04/03 14:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010/04/03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\chris\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\chris\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/19 01:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011/08/13 21:18:58 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/13 21:18:58 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/25 02:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 04:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/09/16 12:39:16 | 001,505,280 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2010/09/08 15:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPCA561.SYS -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 14:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 14:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/01 00:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/08 20:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F053B81E-A984-11E1-8270-B8AC6F996F26}: C:\Users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}\ [2012/05/29 07:53:13 | 000,000,000 | ---D | M]

[2011/07/31 13:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 13:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/31 13:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/05/20 23:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\extensions
[2012/01/16 14:30:55 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/26 18:54:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/25 19:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/25 19:52:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: SEOquake = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.1_0\
CHR - Extension: ImageZoom = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmigpjhdoghhhmecocklaokmmamgobo\1.5_0\
CHR - Extension: Better Music for Google Play Music = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdollfdihekkbcgmbpjddfdaeigacmia\1.5.8_0\
CHR - Extension: Web Developer = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: YouTube = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.3.2.9761_0\
CHR - Extension: YouTube quality selector = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceabifbfdgibpkmbmlmnckcdlphlbfba\1.2.4_0\
CHR - Extension: Google Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Flash Video Downloader = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpjfocihhfgighbkleiolokddfmhcdpm\1.0.1_0\
CHR - Extension: Rapportive = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.2.6_0\
CHR - Extension: META SEO inspector = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef\1.8.3_0\
CHR - Extension: Resolution Test = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal\2.0_0\
CHR - Extension: Auto HD For YouTube = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\2.5.5_0\
CHR - Extension: NoDoFollow = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggmjepdgcjghlbekdemkkfblcbcmjcj\0.0.1_0\
CHR - Extension: NotScripts = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Gmail = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/29 10:07:38 | 000,000,345 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [ncsStart] C:\Program Files\NetChatSpy\ncs.exe (Computer Home Help)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [dpsti] C:\Users\chris\AppData\Local\Temp\dpsti.dll (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [MusicManager] C:\Users\chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [wdmsql] C:\Users\chris\AppData\Local\Temp\wdmsql.dll (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3897320B-7797-4E0E-AD04-CC268525069B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 09:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Uninstaller
[2012/05/29 09:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Max Uninstaller
[2012/05/29 08:20:16 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}
[2012/05/29 07:53:13 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}
[2012/05/28 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Scans
[2012/05/28 22:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/28 22:21:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/28 21:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001AFD3000A6DA3B4EB238B
[2012/05/28 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{6B61432E-B024-4917-B59F-B491658FBE1E}
[2012/05/28 17:26:56 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{BA5502F2-6E7E-4EB6-BE87-C190FD68F4E8}
[2012/05/27 22:22:08 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Calibre Library
[2012/05/27 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\calibre
[2012/05/27 22:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/05/27 22:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/05/27 18:41:14 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\My eBooks
[2012/05/27 18:41:14 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Mobipocket
[2012/05/27 18:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
[2012/05/27 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2012/05/26 01:11:19 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Multimedia
[2012/05/26 01:10:31 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Utilities
[2012/05/25 19:48:51 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Games
[2012/05/21 01:15:55 | 000,000,000 | ---D | C] -- C:\New folder
[2012/05/16 22:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnaural
[2012/05/16 22:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Gnaural
[2012/05/16 15:01:24 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Anki
[2012/05/16 15:01:23 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\.anki
[2012/05/16 14:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Anki
[2012/05/15 15:07:10 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Diablo III
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012/05/15 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/14 20:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\i3Mindware
[2012/05/14 11:15:36 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft Corporation
[2012/05/13 01:14:50 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Tropico 4
[2012/05/13 01:13:19 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Kalypso Media
[2012/05/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{7D2E5CD0-5AD5-4DF2-938A-23098E121FA3}
[2012/05/10 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{8CF3B917-7424-46AA-A706-975AFC771CE7}
[2012/05/09 02:06:58 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\weight loss
[2012/05/06 03:13:36 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{57A48D48-B98D-44EA-90DB-D9BFD525FE17}
[2012/05/06 03:13:25 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{D3E83F96-4D1D-409F-9C99-9648AEB6A680}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/29 09:33:09 | 000,001,018 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Max Uninstaller.lnk
[2012/05/29 09:33:09 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012/05/29 09:28:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001UA.job
[2012/05/29 09:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/29 07:58:54 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 07:58:54 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 07:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/29 07:51:15 | 2213,441,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/29 01:28:21 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001Core.job
[2012/05/28 22:21:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 22:21:29 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/05/27 18:40:31 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\Mobipocket Reader.lnk
[2012/05/27 00:21:54 | 000,793,466 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/27 00:21:54 | 000,171,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/26 18:44:37 | 000,000,987 | ---- | M] () -- C:\Users\chris\Desktop\Traffic Travis.lnk
[2012/05/26 15:43:14 | 000,062,464 | ---- | M] () -- C:\Users\chris\Documents\criminology.msam
[2012/05/25 17:24:32 | 000,002,054 | -H-- | M] () -- C:\Users\chris\Documents\Default.rdp
[2012/05/23 23:29:57 | 000,002,401 | ---- | M] () -- C:\Users\chris\Desktop\Google Chrome.lnk
[2012/05/19 22:42:25 | 000,000,941 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/19 22:42:25 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/18 18:45:10 | 000,006,144 | ---- | M] () -- C:\Users\chris\Documents\i3MindwareDB
[2012/05/16 14:55:46 | 000,000,704 | ---- | M] () -- C:\Users\chris\Desktop\Anki.lnk
[2012/05/14 20:05:13 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\i3Mindware.lnk
[2012/05/14 20:04:53 | 000,035,840 | ---- | M] () -- C:\Users\chris\Documents\IThreei3MindwareDB
[2012/05/12 10:27:34 | 000,453,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 15:27:17 | 000,326,656 | ---- | M] () -- C:\Users\chris\Documents\wisdom teeth removal.msam
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/29 09:33:09 | 000,001,018 | ---- | C] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Max Uninstaller.lnk
[2012/05/29 09:33:09 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012/05/28 22:21:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 22:21:29 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/05/27 18:40:31 | 000,002,615 | ---- | C] () -- C:\Users\Public\Desktop\Mobipocket Reader.lnk
[2012/05/16 14:55:46 | 000,000,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
[2012/05/16 14:55:46 | 000,000,704 | ---- | C] () -- C:\Users\chris\Desktop\Anki.lnk
[2012/05/14 20:05:30 | 000,035,840 | ---- | C] () -- C:\Users\chris\Documents\IThreei3MindwareDB
[2012/05/14 20:05:29 | 000,006,144 | ---- | C] () -- C:\Users\chris\Documents\i3MindwareDB
[2012/05/14 20:05:14 | 000,000,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i3Mindware.lnk
[2012/05/14 20:05:13 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\i3Mindware.lnk
[2012/04/06 15:32:35 | 000,000,191 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/06 15:32:35 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/02 15:34:21 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/01/16 16:59:41 | 000,114,176 | ---- | C] () -- C:\Windows\System32\nicimjob.dll
[2012/01/16 12:40:59 | 000,013,030 | ---- | C] () -- C:\ProgramData\PDOXUSRS.NET
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/08/09 21:09:58 | 002,473,984 | ---- | C] () -- C:\Windows\System32\diranexc.dll
[2011/08/09 21:09:58 | 001,273,856 | ---- | C] () -- C:\Windows\System32\minukdos.dll
[2011/08/09 21:09:58 | 000,088,156 | ---- | C] () -- C:\Windows\System32\selatctl.dll
[2011/07/27 11:57:05 | 000,000,600 | ---- | C] () -- C:\Users\chris\AppData\Local\PUTTY.RND
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/01 13:01:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/01 13:01:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/01 13:01:50 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/01 13:01:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/01 13:01:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/30 13:08:44 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/28 22:53:47 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/28 22:53:46 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/21 21:43:33 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/21 21:43:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/08 15:50:44 | 000,000,017 | ---- | C] () -- C:\Users\chris\AppData\Local\resmon.resmoncfg
[2011/04/06 12:02:35 | 000,001,160 | ---- | C] () -- C:\Windows\WinFTP.INI
[2011/03/29 21:01:55 | 000,015,872 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 00:31:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/27 15:02:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/26 18:01:21 | 000,000,048 | ---- | C] () -- C:\Windows\System32\cmasiop.ini
[2011/03/26 18:01:17 | 000,561,152 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe
[2011/03/26 18:01:17 | 000,042,187 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011/03/26 18:01:03 | 000,000,946 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011/03/26 18:01:01 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011/03/26 18:01:01 | 000,004,967 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011/03/26 18:01:01 | 000,000,558 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2012/05/16 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\.anki
[2012/02/13 20:01:41 | 000,000,000 | -H-D | M] -- C:\Users\chris\AppData\Roaming\.minecraft
[2011/04/18 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\acccore
[2011/08/15 15:47:50 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Actual Tools
[2011/08/12 10:55:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Affilorama
[2011/08/05 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Arduino
[2011/03/26 18:01:27 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\ASUS
[2011/06/19 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Bitcoin
[2012/05/27 22:23:12 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\calibre
[2012/04/04 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\com.blueprintcentral.keywordblaze
[2012/05/29 07:52:32 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Dropbox
[2012/03/03 21:46:47 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Etasoft Inc
[2012/05/23 10:27:40 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FileZilla
[2011/03/31 22:30:57 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Foxit Software
[2011/04/06 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FTPRush
[2011/09/19 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\gtk-2.0
[2011/04/21 22:19:50 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\HandBrake
[2012/05/13 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Kalypso Media
[2011/03/26 17:45:48 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Leadertech
[2011/03/26 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/05/28 12:34:57 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MediaMonkey
[2012/05/18 14:42:29 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\mjusbsp
[2012/05/27 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Mobipocket
[2011/08/19 10:02:39 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Molura
[2011/08/16 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MoreTerra
[2011/08/29 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\NeuroProgrammer3
[2011/04/06 12:49:37 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Notepad++
[2011/03/28 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org
[2012/01/18 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Spotify
[2011/04/28 18:56:22 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\SQLite Administrator
[2011/11/10 16:52:28 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Stellarium
[2012/01/27 00:53:11 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TeamViewer
[2011/04/05 13:44:09 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Thunderbird
[2012/05/13 01:36:29 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Tropico 4
[2011/05/24 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TweetAdder3
[2011/05/30 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\ubot
[2012/05/29 08:20:11 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\uTorrent
[2012/01/16 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Wireshark
[2012/04/06 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Wondershare
[2011/08/19 10:02:41 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\wyUpdate AU
[2011/11/12 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\XBMC
[2011/10/14 09:06:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:157E1AD3

< End of report >


#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
clwhit12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the new OTL log:


OTL logfile created on: 6/2/2012 10:07:41 AM - Run 3
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\chris\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 35.35% Memory free
5.50 Gb Paging File | 3.50 Gb Available in Paging File | 63.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.07 Gb Total Space | 257.40 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
Drive F: | 6.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/30 18:01:12 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/29 09:56:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Downloads\OTL.exe
PRC - [2012/05/14 19:06:32 | 013,806,080 | ---- | M] (Google Inc.) -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/21 16:57:07 | 000,119,296 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012/03/19 07:38:46 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 07:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/20 15:52:58 | 000,245,608 | ---- | M] (Wondershare) -- C:\Program Files\Wondershare\MobileGo\MobileGoService.exe
PRC - [2011/08/28 17:16:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/05/25 02:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/25 02:09:07 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/05/25 02:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/27 09:55:28 | 000,973,824 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/28 10:33:44 | 000,447,952 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/02 10:05:27 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/22 21:56:50 | 000,441,880 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 21:56:49 | 003,922,456 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 21:55:35 | 000,553,496 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 21:55:33 | 000,117,784 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 21:55:24 | 000,134,696 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 21:55:23 | 000,250,408 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 21:55:21 | 002,375,720 | ---- | M] () -- C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/14 18:55:28 | 000,344,064 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/05/14 18:55:16 | 000,346,624 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/05/14 18:54:16 | 000,364,032 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/05/14 18:54:12 | 000,198,656 | ---- | M] () -- C:\Users\chris\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/05/12 10:30:26 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 10:30:26 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/12 10:30:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 10:30:05 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 10:29:57 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 10:29:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 10:29:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 10:29:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 10:29:22 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/08/27 09:45:30 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/27 09:45:30 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/27 09:45:29 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/02 15:28:04 | 000,904,704 | ---- | M] () -- C:\Program Files\Wondershare\MobileGo\System.Data.SQLite.dll
MOD - [2011/04/19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/28 10:33:44 | 000,447,952 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/24 20:20:04 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/04 21:15:08 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/21 16:57:07 | 000,119,296 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012/03/19 07:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/12/28 01:36:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/28 17:16:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/25 02:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/26 18:54:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/31 08:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/11/20 08:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/09/17 10:14:58 | 000,370,008 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/03 14:56:08 | 000,367,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10_50.HOME\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$HOME) SQL Server Agent (HOME)
SRV - [2010/04/03 14:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010/04/03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\chris\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/19 01:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011/08/13 21:18:58 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/13 21:18:58 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/25 02:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 04:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/09/16 12:39:16 | 001,505,280 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)
DRV - [2010/09/08 15:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2002/10/01 15:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPCA561.SYS -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 14:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 14:11:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/01 00:44:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/08 20:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F053B81E-A984-11E1-8270-B8AC6F996F26}: C:\Users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}\ [2012/05/29 07:53:13 | 000,000,000 | ---D | M]

[2011/07/31 13:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 13:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/31 13:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/05/20 23:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\extensions
[2012/01/16 14:30:55 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/11/26 18:54:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/07/25 19:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/25 19:52:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: SEOquake = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.1_0\
CHR - Extension: ImageZoom = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmigpjhdoghhhmecocklaokmmamgobo\1.5_0\
CHR - Extension: Better Music for Google Play Music = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdollfdihekkbcgmbpjddfdaeigacmia\1.5.8_0\
CHR - Extension: Web Developer = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
CHR - Extension: YouTube = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.3.2.9761_0\
CHR - Extension: YouTube quality selector = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceabifbfdgibpkmbmlmnckcdlphlbfba\1.2.4_0\
CHR - Extension: Google Search = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Flash Video Downloader = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpjfocihhfgighbkleiolokddfmhcdpm\1.0.1_0\
CHR - Extension: Rapportive = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.2.6_0\
CHR - Extension: META SEO inspector = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibkclpciafdglkjkcibmohobjkcfkaef\1.8.3_0\
CHR - Extension: Resolution Test = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal\2.0_0\
CHR - Extension: Auto HD For YouTube = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\2.5.5_0\
CHR - Extension: NoDoFollow = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nggmjepdgcjghlbekdemkkfblcbcmjcj\0.0.1_0\
CHR - Extension: NotScripts = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Gmail = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/29 10:07:38 | 000,000,345 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [ncsStart] C:\Program Files\NetChatSpy\ncs.exe (Computer Home Help)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [dpsti] C:\Users\chris\AppData\Local\Temp\dpsti.dll (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [MusicManager] C:\Users\chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [wdmsql] C:\Users\chris\AppData\Local\Temp\wdmsql.dll (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33B99BB7-7A9C-4226-BAA7-A55AD70D1078}: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3897320B-7797-4E0E-AD04-CC268525069B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/01/10 02:04:54 | 000,000,085 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 23:31:33 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{5DBD1900-A486-4B7C-AADB-9A96C4D875D3}
[2012/06/01 23:31:20 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{13D0E3BD-ED2D-4C6D-84AB-4ACA44A0BCC7}
[2012/05/29 18:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2012/05/29 18:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2012/05/29 09:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Uninstaller
[2012/05/29 09:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Max Uninstaller
[2012/05/29 08:20:16 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}
[2012/05/29 07:53:13 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}
[2012/05/28 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Scans
[2012/05/28 22:45:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2012/05/28 22:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/28 22:21:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/28 21:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001AFD3000A6DA3B4EB238B
[2012/05/28 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{6B61432E-B024-4917-B59F-B491658FBE1E}
[2012/05/28 17:26:56 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{BA5502F2-6E7E-4EB6-BE87-C190FD68F4E8}
[2012/05/27 22:22:08 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Calibre Library
[2012/05/27 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\calibre
[2012/05/27 22:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/05/27 22:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/05/27 18:41:14 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\My eBooks
[2012/05/27 18:41:14 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Mobipocket
[2012/05/27 18:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
[2012/05/27 18:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2012/05/26 01:11:19 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Multimedia
[2012/05/26 01:10:31 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Utilities
[2012/05/25 19:48:51 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Games
[2012/05/21 01:15:55 | 000,000,000 | ---D | C] -- C:\New folder
[2012/05/16 22:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnaural
[2012/05/16 22:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Gnaural
[2012/05/16 15:01:24 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Anki
[2012/05/16 15:01:23 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\.anki
[2012/05/16 14:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\Anki
[2012/05/15 15:07:10 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Diablo III
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/05/15 14:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012/05/15 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/14 20:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\i3Mindware
[2012/05/14 11:15:36 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft Corporation
[2012/05/13 01:14:50 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Tropico 4
[2012/05/13 01:13:19 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Kalypso Media
[2012/05/10 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{7D2E5CD0-5AD5-4DF2-938A-23098E121FA3}
[2012/05/10 21:17:53 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{8CF3B917-7424-46AA-A706-975AFC771CE7}
[2012/05/09 02:06:58 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\weight loss
[2012/05/06 03:13:36 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{57A48D48-B98D-44EA-90DB-D9BFD525FE17}
[2012/05/06 03:13:25 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\{D3E83F96-4D1D-409F-9C99-9648AEB6A680}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/02 10:04:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/02 10:03:49 | 2213,441,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/02 00:28:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001UA.job
[2012/06/02 00:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/01 14:50:36 | 000,002,054 | -H-- | M] () -- C:\Users\chris\Documents\Default.rdp
[2012/06/01 02:48:53 | 000,793,466 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/01 02:48:53 | 000,171,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/01 01:28:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001Core.job
[2012/05/29 18:33:51 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 18:33:51 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 09:33:09 | 000,001,018 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Max Uninstaller.lnk
[2012/05/29 09:33:09 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012/05/28 22:45:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2012/05/28 22:21:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 22:21:29 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/05/27 18:40:31 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\Mobipocket Reader.lnk
[2012/05/26 18:44:37 | 000,000,987 | ---- | M] () -- C:\Users\chris\Desktop\Traffic Travis.lnk
[2012/05/26 15:43:14 | 000,062,464 | ---- | M] () -- C:\Users\chris\Documents\criminology.msam
[2012/05/23 23:29:57 | 000,002,401 | ---- | M] () -- C:\Users\chris\Desktop\Google Chrome.lnk
[2012/05/19 22:42:25 | 000,000,941 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/19 22:42:25 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/05/18 18:45:10 | 000,006,144 | ---- | M] () -- C:\Users\chris\Documents\i3MindwareDB
[2012/05/16 14:55:46 | 000,000,704 | ---- | M] () -- C:\Users\chris\Desktop\Anki.lnk
[2012/05/14 20:05:13 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\i3Mindware.lnk
[2012/05/14 20:04:53 | 000,035,840 | ---- | M] () -- C:\Users\chris\Documents\IThreei3MindwareDB
[2012/05/12 10:27:34 | 000,453,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 15:27:17 | 000,326,656 | ---- | M] () -- C:\Users\chris\Documents\wisdom teeth removal.msam
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/29 18:06:05 | 000,002,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2012/05/29 09:33:09 | 000,001,018 | ---- | C] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Max Uninstaller.lnk
[2012/05/29 09:33:09 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Max Uninstaller.lnk
[2012/05/28 22:21:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/27 22:21:29 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/05/27 18:40:31 | 000,002,615 | ---- | C] () -- C:\Users\Public\Desktop\Mobipocket Reader.lnk
[2012/05/16 14:55:46 | 000,000,716 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
[2012/05/16 14:55:46 | 000,000,704 | ---- | C] () -- C:\Users\chris\Desktop\Anki.lnk
[2012/05/14 20:05:30 | 000,035,840 | ---- | C] () -- C:\Users\chris\Documents\IThreei3MindwareDB
[2012/05/14 20:05:29 | 000,006,144 | ---- | C] () -- C:\Users\chris\Documents\i3MindwareDB
[2012/05/14 20:05:14 | 000,000,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i3Mindware.lnk
[2012/05/14 20:05:13 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\i3Mindware.lnk
[2012/04/06 15:32:35 | 000,000,191 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/06 15:32:35 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/02 15:34:21 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/01/16 16:59:41 | 000,114,176 | ---- | C] () -- C:\Windows\System32\nicimjob.dll
[2012/01/16 12:40:59 | 000,013,030 | ---- | C] () -- C:\ProgramData\PDOXUSRS.NET
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/08/09 21:09:58 | 002,473,984 | ---- | C] () -- C:\Windows\System32\diranexc.dll
[2011/08/09 21:09:58 | 001,273,856 | ---- | C] () -- C:\Windows\System32\minukdos.dll
[2011/08/09 21:09:58 | 000,088,156 | ---- | C] () -- C:\Windows\System32\selatctl.dll
[2011/07/27 11:57:05 | 000,000,600 | ---- | C] () -- C:\Users\chris\AppData\Local\PUTTY.RND
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/05/01 13:01:50 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/01 13:01:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/01 13:01:50 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/01 13:01:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/01 13:01:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/30 13:08:44 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/28 22:53:47 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/28 22:53:46 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/21 21:43:33 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/21 21:43:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/08 15:50:44 | 000,000,017 | ---- | C] () -- C:\Users\chris\AppData\Local\resmon.resmoncfg
[2011/04/06 12:02:35 | 000,001,160 | ---- | C] () -- C:\Windows\WinFTP.INI
[2011/03/29 21:01:55 | 000,015,872 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 00:31:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/27 15:02:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/26 18:01:21 | 000,000,048 | ---- | C] () -- C:\Windows\System32\cmasiop.ini
[2011/03/26 18:01:17 | 000,561,152 | ---- | C] () -- C:\Windows\System32\Cmeauoxy.exe
[2011/03/26 18:01:17 | 000,042,187 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011/03/26 18:01:03 | 000,000,946 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011/03/26 18:01:01 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011/03/26 18:01:01 | 000,004,967 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011/03/26 18:01:01 | 000,000,558 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

========== LOP Check ==========

[2012/05/16 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\.anki
[2012/02/13 20:01:41 | 000,000,000 | -H-D | M] -- C:\Users\chris\AppData\Roaming\.minecraft
[2011/04/18 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\acccore
[2011/08/15 15:47:50 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Actual Tools
[2011/08/12 10:55:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Affilorama
[2011/08/05 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Arduino
[2011/03/26 18:01:27 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\ASUS
[2011/06/19 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Bitcoin
[2012/05/27 22:23:12 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\calibre
[2012/04/04 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\com.blueprintcentral.keywordblaze
[2012/06/02 10:05:41 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Dropbox
[2012/03/03 21:46:47 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Etasoft Inc
[2012/05/30 09:15:44 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FileZilla
[2011/03/31 22:30:57 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Foxit Software
[2011/04/06 12:54:27 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FTPRush
[2011/09/19 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\gtk-2.0
[2011/04/21 22:19:50 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\HandBrake
[2012/05/13 01:13:19 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Kalypso Media
[2011/03/26 17:45:48 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Leadertech
[2011/03/26 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/05/31 23:31:56 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MediaMonkey
[2012/05/18 14:42:29 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\mjusbsp
[2012/05/27 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Mobipocket
[2011/08/19 10:02:39 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Molura
[2011/08/16 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MoreTerra
[2011/08/29 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\NeuroProgrammer3
[2011/04/06 12:49:37 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Notepad++
[2011/03/28 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org
[2012/01/18 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Spotify
[2011/04/28 18:56:22 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\SQLite Administrator
[2011/11/10 16:52:28 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Stellarium
[2012/01/27 00:53:11 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TeamViewer
[2011/04/05 13:44:09 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Thunderbird
[2012/05/13 01:36:29 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Tropico 4
[2011/05/24 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TweetAdder3
[2011/05/30 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\ubot
[2012/06/02 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\uTorrent
[2012/01/16 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Wireshark
[2012/04/06 16:11:04 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Wondershare
[2011/08/19 10:02:41 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\wyUpdate AU
[2011/11/12 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\XBMC
[2011/10/14 09:06:11 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 253 bytes -> C:\ProgramData\TEMP:157E1AD3

< End of report >

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts

O4 - HKLM..\Run: [ncsStart] C:\Program Files\NetChatSpy\ncs.exe (Computer Home Help)

Did you install this program (NetChatSpy) yourself? Do you know what it is?



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F053B81E-A984-11E1-8270-B8AC6F996F26}: C:\Users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}\ [2012/05/29 07:53:13 | 000,000,000 | ---D | M]
    O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [dpsti] C:\Users\chris\AppData\Local\Temp\dpsti.dll (DT Soft Ltd.)
    O4 - HKU\S-1-5-21-1657444015-3313040223-1549951278-1001..\Run: [wdmsql] C:\Users\chris\AppData\Local\Temp\wdmsql.dll (Analog Devices, Inc.)
    [2012/05/28 21:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001AFD3000A6DA3B4EB238B
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#5
clwhit12

    New Member

  • Topic Starter
  • Member
  • 4 posts

Did you install this program (NetChatSpy) yourself? Do you know what it is?

I didn't install it, and I don't know what it is. I don't see it in add/remove programs so I'm assuming it shouldn't be there.

Besides that, it looks like the PC has sped up, and the avast warning I was getting during the first 30 minutes of the PC has gone away.

Here is the combofix log.


ComboFix 12-06-03.01 - chris 06/03/2012 12:46:01.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2815.1572 [GMT -4:00]
Running from: c:\users\chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
C:\readme.rtf
c:\users\chris\AppData\Local\assembly\tmp
c:\users\chris\AppData\Roaming\ubot
c:\users\chris\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 16:57 . 2012-06-03 16:57 -------- d-----w- c:\users\chris\AppData\Local\temp
2012-06-03 16:57 . 2012-06-03 16:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-03 16:57 . 2012-06-03 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 16:52 . 2012-06-03 16:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4D94DF1-3F19-48B5-BCC9-B0C9D2DF0FD7}\offreg.dll
2012-06-03 16:34 . 2012-06-03 16:34 -------- d-----w- C:\_OTL
2012-06-01 08:45 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4D94DF1-3F19-48B5-BCC9-B0C9D2DF0FD7}\mpengine.dll
2012-05-29 22:05 . 2012-05-29 22:05 -------- d-----w- c:\program files\Cisco Systems
2012-05-29 22:02 . 2012-05-29 22:02 -------- d-----w- c:\programdata\Cisco Systems
2012-05-29 13:33 . 2012-05-29 13:33 -------- d-----w- c:\program files\Max Uninstaller
2012-05-29 12:20 . 2012-05-29 12:20 -------- d-----w- c:\users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}
2012-05-29 11:53 . 2012-05-29 11:53 -------- d-----w- c:\users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}
2012-05-29 02:21 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-29 01:44 . 2012-05-29 02:37 -------- d-----w- c:\programdata\F4D55F170001AFD3000A6DA3B4EB238B
2012-05-28 02:22 . 2012-05-28 02:23 -------- d-----w- c:\users\chris\AppData\Roaming\calibre
2012-05-28 02:20 . 2012-05-28 02:21 -------- d-----w- c:\program files\Calibre2
2012-05-27 22:41 . 2012-05-27 22:41 -------- d-----w- c:\users\chris\AppData\Roaming\Mobipocket
2012-05-27 22:40 . 2012-05-27 22:40 -------- d-----w- c:\program files\Mobipocket.com
2012-05-21 05:15 . 2012-05-21 05:15 -------- d-----w- C:\New folder
2012-05-17 02:19 . 2012-05-17 02:19 -------- d-----w- c:\program files\Gnaural
2012-05-16 19:01 . 2012-05-16 19:05 -------- d-----w- c:\users\chris\AppData\Roaming\.anki
2012-05-16 18:55 . 2012-05-16 18:56 -------- d-----w- c:\program files\Anki
2012-05-15 18:36 . 2012-05-31 02:09 -------- d-----w- c:\program files\Diablo III
2012-05-15 18:36 . 2012-05-15 18:36 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 18:36 . 2012-05-15 18:36 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-05-15 18:30 . 2012-05-15 18:34 -------- d-----w- c:\programdata\Battle.net
2012-05-15 00:05 . 2012-05-15 00:05 -------- d-----w- c:\program files\i3Mindware
2012-05-14 15:15 . 2012-05-14 15:15 -------- d-----w- c:\users\chris\AppData\Roaming\Microsoft Corporation
2012-05-13 05:14 . 2012-05-13 05:36 -------- d-----w- c:\users\chris\AppData\Roaming\Tropico 4
2012-05-13 05:13 . 2012-05-13 05:13 -------- d-----w- c:\users\chris\AppData\Roaming\Kalypso Media
2012-05-12 02:26 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 02:26 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 02:26 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:26 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 02:26 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 02:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 02:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 02:26 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 02:26 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 02:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 01:15 . 2012-04-10 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 01:15 . 2011-05-22 00:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-10 22:55 . 2011-03-27 01:30 2384224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-10 22:47 . 2012-04-09 23:16 111968 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-05-01 21:18 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-05-01 21:18 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-05-01 21:19 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-05-01 21:19 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-23 18:13 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-05-01 21:19 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-05-01 21:19 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-05-01 21:19 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-18 17:53 . 2011-04-27 18:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-30 3905920]
"MusicManager"="c:\users\chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-14 13806080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"ncsStart"="c:\progra~1\NETCHA~1\ncs.exe" [2005-01-09 573440]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-03-21 119296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-4-27 973824]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-7-19 447952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MobileGo Service.lnk - c:\program files\Wondershare\MobileGo\MobileGoService.exe [2012-4-6 245608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-14 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-26 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$HOME;SQL Server Agent (HOME);c:\program files\Microsoft SQL Server\MSSQL10_50.HOME\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-14 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-14 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-28 116608]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-03-21 119296]
S2 MSSQL$HOME;SQL Server (HOME);c:\program files\Microsoft SQL Server\MSSQL10_50.HOME\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-09-16 1505280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 01:15]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001Core.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 21:46]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001UA.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 21:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-03 13:02:52
ComboFix-quarantined-files.txt 2012-06-03 17:02
ComboFix2.txt 2011-05-01 17:28
ComboFix3.txt 2011-04-28 22:06
.
Pre-Run: 276,160,126,976 bytes free
Post-Run: 276,071,485,440 bytes free
.
- - End Of File - - 2B2C5691713767119338F61E24150D8D

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

Folder::
c:\users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}
c:\users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}
c:\programdata\F4D55F170001AFD3000A6DA3B4EB238B
C:\Program Files\NetChatSpy

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#7
clwhit12

    New Member

  • Topic Starter
  • Member
  • 4 posts
Here is the new log.


ComboFix 12-06-04.02 - chris 06/04/2012 13:45:51.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2815.1466 [GMT -4:00]
Running from: c:\users\chris\Desktop\ComboFix.exe
Command switches used :: c:\users\chris\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\NetChatSpy
c:\program files\NetChatSpy\eSellerateControl350.dll
c:\program files\NetChatSpy\eSellerateEngine.dll
c:\program files\NetChatSpy\ncs.exe
c:\program files\NetChatSpy\ncslog.txt
c:\program files\NetChatSpy\NetChat-Logo.gif
c:\program files\NetChatSpy\NetChatSpyHelp.chm
c:\program files\NetChatSpy\PacketX.dll
c:\program files\NetChatSpy\ReadMe.txt
c:\program files\NetChatSpy\regobj.dll
c:\program files\NetChatSpy\UNWISE.EXE
c:\program files\NetChatSpy\WinPcapSetup.exe
c:\programdata\F4D55F170001AFD3000A6DA3B4EB238B
c:\programdata\F4D55F170001AFD3000A6DA3B4EB238B\F4D55F170001AFD3000A6DA3B4EB238B
c:\users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}
c:\users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}\chrome.manifest
c:\users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
c:\users\chris\AppData\Local\{F053B81E-A984-11E1-8270-B8AC6F996F26}\install.rdf
c:\users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}
c:\users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}\background.html
c:\users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}\icon.png
c:\users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}\manager.js
c:\users\chris\AppData\Local\{F053F7BA-A984-11E1-8270-B8AC6F996F26}\manifest.json
c:\users\chris\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 17:55 . 2012-06-04 17:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-04 17:55 . 2012-06-04 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 02:46 . 2012-06-04 02:48 -------- d-----w- C:\Rph
2012-06-03 17:17 . 2012-06-04 06:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4D94DF1-3F19-48B5-BCC9-B0C9D2DF0FD7}\offreg.dll
2012-06-03 17:02 . 2012-06-04 17:55 -------- d-----w- c:\users\chris\AppData\Local\temp
2012-06-03 16:34 . 2012-06-03 16:34 -------- d-----w- C:\_OTL
2012-06-01 08:45 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4D94DF1-3F19-48B5-BCC9-B0C9D2DF0FD7}\mpengine.dll
2012-05-29 22:05 . 2012-05-29 22:05 -------- d-----w- c:\program files\Cisco Systems
2012-05-29 22:02 . 2012-05-29 22:02 -------- d-----w- c:\programdata\Cisco Systems
2012-05-29 13:33 . 2012-05-29 13:33 -------- d-----w- c:\program files\Max Uninstaller
2012-05-29 02:21 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-28 02:22 . 2012-05-28 02:23 -------- d-----w- c:\users\chris\AppData\Roaming\calibre
2012-05-28 02:20 . 2012-05-28 02:21 -------- d-----w- c:\program files\Calibre2
2012-05-27 22:41 . 2012-05-27 22:41 -------- d-----w- c:\users\chris\AppData\Roaming\Mobipocket
2012-05-27 22:40 . 2012-05-27 22:40 -------- d-----w- c:\program files\Mobipocket.com
2012-05-21 05:15 . 2012-05-21 05:15 -------- d-----w- C:\New folder
2012-05-17 02:19 . 2012-05-17 02:19 -------- d-----w- c:\program files\Gnaural
2012-05-16 19:01 . 2012-05-16 19:05 -------- d-----w- c:\users\chris\AppData\Roaming\.anki
2012-05-16 18:55 . 2012-05-16 18:56 -------- d-----w- c:\program files\Anki
2012-05-15 18:36 . 2012-05-31 02:09 -------- d-----w- c:\program files\Diablo III
2012-05-15 18:36 . 2012-05-15 18:36 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 18:36 . 2012-05-15 18:36 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-05-15 18:30 . 2012-05-15 18:34 -------- d-----w- c:\programdata\Battle.net
2012-05-15 00:05 . 2012-05-15 00:05 -------- d-----w- c:\program files\i3Mindware
2012-05-14 15:15 . 2012-05-14 15:15 -------- d-----w- c:\users\chris\AppData\Roaming\Microsoft Corporation
2012-05-13 05:14 . 2012-05-13 05:36 -------- d-----w- c:\users\chris\AppData\Roaming\Tropico 4
2012-05-13 05:13 . 2012-05-13 05:13 -------- d-----w- c:\users\chris\AppData\Roaming\Kalypso Media
2012-05-12 02:26 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 02:26 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 02:26 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:26 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 02:26 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 02:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 02:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 02:26 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 02:26 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 02:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 01:15 . 2012-04-10 22:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 01:15 . 2011-05-22 00:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-10 22:55 . 2011-03-27 01:30 2384224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-10 22:47 . 2012-04-09 23:16 111968 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-05-01 21:18 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-05-01 21:18 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-05-01 21:19 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-05-01 21:19 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-23 18:13 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-05-01 21:19 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-05-01 21:19 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-05-01 21:19 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-18 17:53 . 2011-04-27 18:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-30 3905920]
"MusicManager"="c:\users\chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-14 13806080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-03-21 119296]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-4-27 973824]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-7-19 447952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MobileGo Service.lnk - c:\program files\Wondershare\MobileGo\MobileGoService.exe [2012-4-6 245608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-14 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-26 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$HOME;SQL Server Agent (HOME);c:\program files\Microsoft SQL Server\MSSQL10_50.HOME\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-14 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-14 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-28 116608]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-03-21 119296]
S2 MSSQL$HOME;SQL Server (HOME);c:\program files\Microsoft SQL Server\MSSQL10_50.HOME\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-09-16 1505280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 01:15]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001Core.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 21:46]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1657444015-3313040223-1549951278-1001UA.job
- c:\users\chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-26 21:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nyqkd4bp.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ncsStart - c:\progra~1\NETCHA~1\ncs.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 13:58:31
ComboFix-quarantined-files.txt 2012-06-04 17:58
ComboFix2.txt 2012-06-03 17:02
ComboFix3.txt 2011-05-01 17:28
ComboFix4.txt 2011-04-28 22:06
.
Pre-Run: 271,041,146,880 bytes free
Post-Run: 270,964,195,328 bytes free
.
- - End Of File - - 3046E30C6CAD89404DB2DA87C78EAED4

#8
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily have to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here; you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (e.g. LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool: