worried about install of rogue file?



#1
eddieras (New Member, 4 posts)
yesterday i had a huge brain cramp. got a window that said i needed to update google chrome and without thinking i hit ok! the file name is "chrome_setup.exe". i immediately ran malware bytes, ms security essentials and spybot - all were clean. i tried hijack this which i used years ago but from what i read this program is no longer relevant. i checked programs to see if anything new was installed and nothing shows. everything seems to be running ok but it must have inserted its nasty hands somewhere. my google search led me to otl and this forum. here's my scan from otl. any help/advice would be greatly appreciated! thanks - ed

OTL logfile created on: 07/23/13 7:34:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Preferred Customer\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.90 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 33.97% Memory free
7.79 Gb Paging File | 4.38 Gb Available in Paging File | 56.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 230.78 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
Drive F: | 93.36 Gb Total Space | 81.52 Gb Free Space | 87.32% Space Free | Partition Type: NTFS

Computer Name: PREFERREDCUST | User Name: Preferred Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/23 07:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Preferred Customer\Desktop\OTL.exe
PRC - [2013/07/12 15:48:24 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 13:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/20 18:52:00 | 007,345,664 | ---- | M] (Google Inc.) -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/06/19 14:46:00 | 001,182,536 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/06/12 04:39:24 | 000,010,192 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\28.0.1500.45\remoting_host.exe
PRC - [2013/06/06 23:57:24 | 019,676,256 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/30 11:01:43 | 002,804,536 | ---- | M] (Intuit Inc. All rights reserved.) -- C:\Users\Preferred Customer\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Preferred Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/10/22 12:24:07 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2012/08/18 19:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/08/18 19:53:54 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
PRC - [2012/06/21 11:07:06 | 003,825,152 | ---- | M] (SourceForge.net) -- C:\Program Files (x86)\Password Safe\pwsafe.exe
PRC - [2011/06/22 22:20:28 | 000,029,552 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
PRC - [2011/06/22 22:11:02 | 002,574,192 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe
PRC - [2011/01/04 12:56:44 | 000,730,624 | ---- | M] (M8 Software) -- C:\Program Files (x86)\FreeClip\FreeClip.exe
PRC - [2010/05/20 09:58:48 | 000,032,600 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files (x86)\FaxTalk\FTmsgsvc.exe
PRC - [2010/05/20 09:58:32 | 000,120,152 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files (x86)\FaxTalk\FTclctrl.exe
PRC - [2010/05/20 09:58:26 | 000,014,680 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files (x86)\FaxTalk\Fapiexe.exe
PRC - [2010/05/12 11:35:41 | 000,045,056 | ---- | M] () -- C:\Windows\SysWOW64\UTSCSI.EXE
PRC - [2009/08/16 12:56:22 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\Ditto\Ditto.exe
PRC - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005/07/27 03:39:05 | 000,032,256 | ---- | M] (ContextMagic.com) -- C:\Program Files (x86)\Express ClickYes\ClickYes.exe
PRC - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/22 19:32:47 | 000,128,512 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\_elementtree.pyd
MOD - [2013/07/22 19:32:47 | 000,098,816 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32api.pyd
MOD - [2013/07/22 19:32:47 | 000,044,032 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\_socket.pyd
MOD - [2013/07/22 19:32:47 | 000,022,528 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32ts.pyd
MOD - [2013/07/22 19:32:46 | 000,557,056 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\pysqlite2._sqlite.pyd
MOD - [2013/07/22 19:32:46 | 000,320,512 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32com.shell.shell.pyd
MOD - [2013/07/22 19:32:46 | 000,070,656 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\wx._html2.pyd
MOD - [2013/07/22 19:32:46 | 000,026,624 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\_multiprocessing.pyd
MOD - [2013/07/22 19:32:46 | 000,011,264 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32crypt.pyd
MOD - [2013/07/22 19:32:45 | 001,022,416 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\windows._cacheinvalidation.pyd
MOD - [2013/07/22 19:32:45 | 000,805,888 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\wx._gdi_.pyd
MOD - [2013/07/22 19:32:45 | 000,364,544 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\pythoncom27.dll
MOD - [2013/07/22 19:32:45 | 000,087,040 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\_ctypes.pyd
MOD - [2013/07/22 19:32:45 | 000,017,408 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32profile.pyd
MOD - [2013/07/22 19:32:44 | 001,175,040 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\wx._core_.pyd
MOD - [2013/07/22 19:32:44 | 000,735,232 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\wx._misc_.pyd
MOD - [2013/07/22 19:32:44 | 000,110,080 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\PyWinTypes27.dll
MOD - [2013/07/22 19:32:44 | 000,108,544 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32security.pyd
MOD - [2013/07/22 19:32:43 | 001,153,024 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\_ssl.pyd
MOD - [2013/07/22 19:32:43 | 000,025,600 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32pdh.pyd
MOD - [2013/07/22 19:32:42 | 000,811,008 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\wx._windows_.pyd
MOD - [2013/07/22 19:32:42 | 000,711,680 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\_hashlib.pyd
MOD - [2013/07/22 19:32:42 | 000,122,368 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\wx._wizard.pyd
MOD - [2013/07/22 19:32:42 | 000,119,808 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32file.pyd
MOD - [2013/07/22 19:32:42 | 000,035,840 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32process.pyd
MOD - [2013/07/22 19:32:41 | 001,062,400 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\wx._controls_.pyd
MOD - [2013/07/22 19:32:41 | 000,038,912 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32inet.pyd
MOD - [2013/07/22 19:32:40 | 000,018,432 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\win32event.pyd
MOD - [2013/07/22 19:32:39 | 000,686,080 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\unicodedata.pyd
MOD - [2013/07/22 19:32:39 | 000,127,488 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\pyexpat.pyd
MOD - [2013/07/22 19:32:39 | 000,010,240 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Temp\_MEI35242\select.pyd
MOD - [2013/07/12 13:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 13:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 13:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 13:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 13:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 13:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/12 03:51:23 | 000,455,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Office\83868576c288df1344e0ac2ca7ea515e\Office.ni.dll
MOD - [2013/07/12 03:49:52 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\6e55440295a24cb4a2dcf6f2752634a1\Microsoft.Practices.Unity.ni.dll
MOD - [2013/07/12 03:49:51 | 000,292,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\a984945add5655052d38640822157c72\Microsoft.Practices.ObjectBuilder2.ni.dll
MOD - [2013/07/12 03:49:37 | 000,988,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\eb12a6a48b9ccd1404cb3f189ab4b55b\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2013/07/12 03:49:12 | 002,061,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Redemption\5dcc552a6bfa8c8e762d7961634ce0ca\Interop.Redemption.ni.dll
MOD - [2013/07/12 03:48:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\4429536a85275eb537693735010b207a\Extensibility.ni.dll
MOD - [2013/07/12 03:48:53 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\9435596607dd0931161f3a561c7b9c65\stdole.ni.dll
MOD - [2013/07/12 03:47:31 | 000,494,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\232f9b6222cb83a829483b41f1ea31c1\System.Data.SQLite.ni.dll
MOD - [2013/07/12 03:47:28 | 004,772,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\gSyncit.core\327cc22c9a9de82271bb198ba8649109\gSyncit.core.ni.dll
MOD - [2013/07/12 03:47:24 | 000,081,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\gsyncit.addin\30f864171f7745e95bb99b1b557c16c4\gsyncit.addin.ni.dll
MOD - [2013/07/12 03:47:03 | 000,165,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ActOutlookAddin\7d8649129871e0c04eec2bd1833c088c\ActOutlookAddin.ni.dll
MOD - [2013/07/12 03:40:14 | 000,134,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\2f6a1ee302868c02fdb114a9f8692d6b\Act.Shared.Utilities.ni.dll
MOD - [2013/07/12 03:40:09 | 005,150,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\ecdabee4cc51faea5d5f11808c1caa4b\Act.Shared.Images.ni.dll
MOD - [2013/07/12 03:40:03 | 000,123,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\3658817f1c53184e5d9dd0304597df0f\Act.Shared.Diagnostics.ni.dll
MOD - [2013/07/12 03:40:02 | 000,080,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Config\a471f27abdf7b3237ea9c061c440a375\Act.Shared.Config.ni.dll
MOD - [2013/07/12 03:39:54 | 000,527,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\cd9dcae7e6ebfef6d3366f49ba289985\Act.Outlook.Service.Shared.ni.dll
MOD - [2013/07/12 03:39:53 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\4d4c35c13c7cfeb2ff20bcc65639d6f1\Act.Outlook.Service.Interfaces.ni.dll
MOD - [2013/07/12 03:39:52 | 000,559,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Service#\b034b19aa738cdd4afbe194d00b11dbc\Act.Outlook.Service.Desktop.ni.dll
MOD - [2013/07/12 03:39:48 | 000,374,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Message#\9928588cf339bff41fba38d47a6d9881\Act.Outlook.Message.Reader.ni.dll
MOD - [2013/07/12 03:39:46 | 000,264,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Outlook.Addin.S#\d5b96aebf6c09d4e23329fe1cf66049f\Act.Outlook.Addin.Shared.ni.dll
MOD - [2013/07/12 03:39:15 | 009,803,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework\c16514042abe3d8f40e23143ab9fa6d2\Act.Framework.ni.dll
MOD - [2013/07/12 03:33:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2c5c86bb5156ff508ca8045aff50a482\System.Core.ni.dll
MOD - [2013/07/12 03:33:02 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\0ca606ce8b163ff9406476297f4400ad\System.Design.ni.dll
MOD - [2013/07/12 03:32:40 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\59a12d8db2a29bbe4e597124682cc4f7\System.EnterpriseServices.ni.dll
MOD - [2013/07/12 03:32:39 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\dca6df8260d6c4c0bd66cb3be72eb73a\System.Transactions.ni.dll
MOD - [2013/07/12 03:32:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll
MOD - [2013/07/12 03:32:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/12 03:31:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/12 03:31:29 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/12 03:31:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/12 03:31:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/12 03:29:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/20 18:41:50 | 000,344,064 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/06/20 18:41:28 | 000,231,936 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/06/20 18:40:36 | 000,253,440 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/06/20 18:40:00 | 000,117,248 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/06/19 14:44:16 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/04/02 10:04:26 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\17b4a6296ab10e2cf9a1a54a73a13ec4\System.WorkflowServices.ni.dll
MOD - [2013/04/02 09:48:35 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d7e422a7ea0059ccbf84af3d0248fd44\System.ServiceModel.Routing.ni.dll
MOD - [2013/04/02 09:48:34 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\111dad9be375edc468be9c0f45cd5fe1\System.ServiceModel.Discovery.ni.dll
MOD - [2013/04/02 09:48:33 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\50d52d64dc3118e1073886095ad8af38\System.ServiceModel.Channels.ni.dll
MOD - [2013/04/02 09:48:21 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ee2267c0bc047b57924763400a3f4a37\System.ServiceModel.Activities.ni.dll
MOD - [2013/04/02 09:48:18 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c91632cef78dc1e1ab7dce314c64f7a0\System.IdentityModel.ni.dll
MOD - [2013/04/02 09:48:16 | 018,123,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3485907c71cb4575a8ae6a9609bfe16c\System.ServiceModel.ni.dll
MOD - [2013/04/02 09:48:01 | 001,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\77241a1b66706f7590c522f4765c4f25\System.ServiceModel.Web.ni.dll
MOD - [2013/04/02 09:46:42 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1ecaf1204c3fb41ffcf4861f3177a192\System.Web.Services.ni.dll
MOD - [2013/04/02 09:46:39 | 012,082,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e0c821e627baf606525b6ced41023f7a\System.Web.ni.dll
MOD - [2013/04/02 09:46:31 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1a832afa259d3062db5d2767bb66367a\System.EnterpriseServices.ni.dll
MOD - [2013/04/02 09:46:31 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1a832afa259d3062db5d2767bb66367a\System.EnterpriseServices.Wrapper.dll
MOD - [2013/04/02 09:46:30 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\83bbc0d5a9689f5de5090dcf3e3958f8\System.Transactions.ni.dll
MOD - [2013/04/02 09:46:29 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\4373d5deea0fd001dfac01a83f6f2bca\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/04/02 09:46:28 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\a9ecbe8beef8c04f60f9127ec6599abf\SMDiagnostics.ni.dll
MOD - [2013/04/02 09:46:27 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8834e734c13d53e65982db2a00563ce7\System.Runtime.Serialization.ni.dll
MOD - [2013/04/02 09:46:25 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\2b8c61f577f1ffdd781e18d96d97ee3a\System.Xml.Linq.ni.dll
MOD - [2013/04/02 09:45:49 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013/04/02 09:45:43 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\fb5c42d141f09e9baf071ccb84e95efd\Accessibility.ni.dll
MOD - [2013/04/02 07:58:20 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013/04/02 07:58:07 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013/04/02 07:58:03 | 006,841,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\564f737274f47efdfa212f8da43286e7\System.Data.ni.dll
MOD - [2013/04/02 07:58:01 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll
MOD - [2013/04/02 07:57:56 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013/04/02 07:57:55 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013/04/02 07:57:55 | 002,549,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\3bde88946bced4455f89f40679b29f5f\System.Data.SqlXml.ni.dll
MOD - [2013/04/02 07:57:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
MOD - [2013/04/02 07:57:52 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013/04/02 07:57:52 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013/04/02 07:57:50 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013/04/02 07:57:48 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013/04/02 07:57:43 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\221d903193177a76f68965e8ffb8cbb4\System.Numerics.ni.dll
MOD - [2013/04/02 07:57:42 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/10 15:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 15:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 15:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 15:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 15:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/12/16 14:08:14 | 000,448,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll
MOD - [2012/12/16 14:07:46 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 21:45:42 | 000,440,176 | ---- | M] () -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSBr_default.dll
MOD - [2011/06/22 21:44:24 | 000,128,880 | ---- | M] () -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSMui_En.dll
MOD - [2011/06/22 21:44:16 | 000,015,216 | ---- | M] () -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\WOSMui.dll
MOD - [2011/06/22 21:44:10 | 000,079,728 | ---- | M] () -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\zlib125.dll
MOD - [2011/06/22 21:43:58 | 000,292,720 | ---- | M] () -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\sqlite3.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/22 20:33:44 | 000,837,632 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\System.Data.SQLite.DLL
MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 17:08:14 | 000,122,720 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
MOD - [2010/09/13 09:26:59 | 000,137,216 | ---- | M] () -- C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\13.0.401.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll
MOD - [2009/08/16 12:56:22 | 000,716,800 | ---- | M] () -- C:\Program Files (x86)\Ditto\Ditto.exe
MOD - [2009/08/16 12:53:46 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Ditto\focus.dll
MOD - [2009/08/16 12:52:16 | 000,497,058 | ---- | M] () -- C:\Program Files (x86)\Ditto\sqlite3.dll
MOD - [2009/08/16 12:52:04 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Ditto\zlib1.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/25 09:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/02/09 10:02:34 | 000,047,432 | ---- | M] (Secure Backup and Share) [Auto | Running] -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe -- (ComcastSecureBackupSharebackup)
SRV:64bit: - [2010/01/06 15:32:14 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/19 13:08:36 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/06/12 05:28:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/12 04:39:24 | 000,010,192 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\28.0.1500.45\remoting_host.exe -- (chromoting)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/08/18 19:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/08/18 19:55:02 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/08/18 19:53:54 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe -- (QuickBooksDB23)
SRV - [2011/06/22 22:20:28 | 000,029,552 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2010/08/18 23:54:12 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2010/07/16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010/05/20 09:58:48 | 000,032,600 | ---- | M] (Thought Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\FaxTalk\FTmsgsvc.exe -- (FaxTalk FaxCenter Pro 8)
SRV - [2010/05/12 11:35:41 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\UTSCSI.EXE -- (UTSCSI)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/17 20:54:22 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0151.sys -- (RsFx0151)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/14 13:06:00 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ComcastSecureBackupShare.sys -- (ComcastSecureBackupShareFilter)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/09/29 13:02:30 | 000,314,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/01/06 15:32:14 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2010/01/06 15:32:14 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2010/01/06 15:32:12 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2010/01/06 15:32:12 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2010/01/06 15:32:12 | 000,380,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWCD2.sys -- (CAXHWCD2)
DRV:64bit: - [2009/11/11 19:19:54 | 000,027,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/11/11 19:19:54 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/22 21:10:13 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/10 16:01:07 | 000,543,744 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ltmdm64.sys -- (ltmodem5)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/22 23:59:24 | 000,098,304 | ---- | M] (SIIG, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\siigPPort.sys -- (siigPPort)
DRV:64bit: - [2007/06/25 16:20:52 | 000,134,656 | ---- | M] (SIIG, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\siigpar.sys -- (siigpar)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1998/06/30 23:15:58 | 000,048,648 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\Dtc328x.sys -- (DTC328X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://dal03.um.att...=ListExtensions
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 E1 1F CD 23 F9 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{68DFF1C3-AB66-47B6-881D-604D90F00CD6}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIH_en
IE - HKCU\..\SearchScopes\{71F1CF6D-5AD5-4FD2-A481-5AD8418FDEF9}: "URL" = http://www.google.co...&rlz=1I7GGIH_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Users\Preferred Customer\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@neulion.com/npadaptiveplugin: C:\Users\Preferred Customer\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Preferred Customer\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Preferred Customer\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/18 06:03:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/05/29 10:54:11 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co...=en&source=iglk
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: NeuLion Adaptive Plugin (Enabled) = C:\Users\Preferred Customer\AppData\Roaming\NeuLion\AdaptivePlugin\npadaptiveplugin_1_6_5_7131.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Entanglement = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Google Docs = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.0_0\
CHR - Extension: New Tab Page = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikkigamncoobkmpenfdeniclmehdidh\0.3.0_0\
CHR - Extension: Google Search = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: ImageShack.us Right-Click by Red Squirrel = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkedpofhcigoiibhjfmlfpghobnbabn\2.0_0\
CHR - Extension: Faviconize Google = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijobgpmmkilncagclaejpjlccfhopdo\2.3_0\
CHR - Extension: AdBlock = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Save to Pulse = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnghiiajfangdaolekmphkaohhcnklj\1.0.4_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0\
CHR - Extension: Poppit = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.5_0\
CHR - Extension: Fade to White Aero Skin (by Skarv) = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekemfmehiakocmomemagciajlikigkl\1.0_0\
CHR - Extension: Gmail = C:\Users\Preferred Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {D5233FCD-D258-4903-89B8-FB1568E7413D} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FaxTalk FaxCenter Pro 8] C:\Program Files (x86)\FaxTalk\FTClCtrl.exe (Thought Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [94434A07FFEDD3C90B74E86ACC26E09ACD511394._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKCU..\Run: [Express ClickYes] C:\Program Files (x86)\Express ClickYes\ClickYes.exe (ContextMagic.com)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKCU..\Run: [Kana Reminder] C:\Program Files (x86)\Kana Reminder\Reminder.exe (Kana Solution)
O4 - HKCU..\Run: [MusicManager] C:\Users\Preferred Customer\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - Startup: C:\Users\Preferred Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Preferred Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Preferred Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeClip.lnk = C:\Program Files (x86)\FreeClip\FreeClip.exe (M8 Software)
O4 - Startup: C:\Users\Preferred Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
O4 - Startup: C:\Users\Preferred Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: imageshack.us ([toolbar] http in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16:64bit: - DPF: {0DF9173C-D4E4-4A58-8A70-80670B556103} http://98.100.216.18...gin_3_0_1_0.cab (Reg Error: Key error.)
O16:64bit: - DPF: {F46C8920-9B32-4953-80DB-06AE06927A07} http://98.100.216.18...gin_3_0_1_0.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash...geUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BDEEC0A-F3C2-49E3-9DF8-08EB6F54519F}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/16 10:51:42 | 000,000,031 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/23 07:28:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Preferred Customer\Desktop\OTL.exe
[2013/07/23 07:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/23 07:15:32 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/07/23 07:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/07/23 03:02:03 | 000,000,000 | ---D | C] -- C:\b4486fb36d93426b57d859e958
[2013/07/22 17:08:15 | 000,000,000 | ---D | C] -- C:\Users\Preferred Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/07/22 17:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/07/18 16:13:08 | 000,000,000 | --SD | C] -- C:\Users\Preferred Customer\Google Drive
[2013/07/18 11:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2011/01/25 23:06:15 | 008,969,504 | ---- | C] (Secure Backup and Share) -- C:\ProgramData\TempComcastSecureBackupShare-update-94576f825cbee21cffeff81117efd21f.exe
[2010/09/13 09:17:28 | 000,277,880 | ---- | C] (Sage Software ) -- C:\Users\Preferred Customer\AppData\Roaming\ACT2011Hotfix_SS.exe
[2010/06/14 22:01:18 | 009,015,424 | ---- | C] (Secure Backup and Share) -- C:\ProgramData\TempComcastSecureBackupShare-update-9d139f00bf24a8f6ac0e09afee05b1ba.exe
[2010/03/02 10:41:50 | 000,923,424 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Preferred Customer\chromeinstall-6u18.exe
[1 C:\Users\Preferred Customer\Desktop\*.tmp files -> C:\Users\Preferred Customer\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/23 07:40:02 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3997971836-1513657449-1991120708-1000UA.job
[2013/07/23 07:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Preferred Customer\Desktop\OTL.exe
[2013/07/23 07:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/23 07:23:14 | 000,278,336 | ---- | M] () -- C:\Users\Preferred Customer\Documents\cc_20130723_072256.reg
[2013/07/23 07:15:37 | 000,001,424 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/23 07:01:13 | 000,000,468 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/07/23 06:53:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/23 05:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3997971836-1513657449-1991120708-1000Core.job
[2013/07/22 19:41:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 19:41:41 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 19:31:55 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 19:31:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 19:31:32 | 3139,072,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 17:08:15 | 000,003,031 | ---- | M] () -- C:\Users\Preferred Customer\Desktop\HiJackThis.lnk
[2013/07/22 16:49:20 | 001,062,552 | ---- | M] () -- C:\Users\Preferred Customer\Desktop\Chrome_Setup.exe
[2013/07/22 08:02:35 | 000,011,952 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Roaming\Comma Separated Values (Windows).CAL
[2013/07/22 07:59:23 | 000,011,928 | ---- | M] () -- C:\Users\Preferred Customer\AppData\Roaming\Comma Separated Values (DOS).CAL
[2013/07/18 16:13:09 | 000,001,717 | ---- | M] () -- C:\Users\Preferred Customer\Desktop\Google Drive.lnk
[2013/07/18 11:28:33 | 000,888,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 11:28:33 | 000,738,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 11:28:33 | 000,150,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/17 22:04:20 | 000,004,852 | ---- | M] () -- C:\Windows\ComcastSecureBackupShare.blk
[2013/07/17 22:04:20 | 000,000,354 | ---- | M] () -- C:\Windows\ComcastSecureBackupShare.flt
[2013/07/16 06:52:51 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/07/12 20:55:57 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 03:25:50 | 000,524,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/03 16:10:26 | 000,569,344 | -H-- | M] () -- C:\Users\Preferred Customer\Desktop\tonido.db
[2013/06/28 09:59:45 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Tonido.lnk
[2013/06/28 09:59:45 | 000,000,939 | ---- | M] () -- C:\Users\Preferred Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Tonido.lnk
[2013/06/26 19:25:59 | 000,002,283 | ---- | M] () -- C:\Users\Preferred Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Users\Preferred Customer\Desktop\*.tmp files -> C:\Users\Preferred Customer\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/23 07:23:01 | 000,278,336 | ---- | C] () -- C:\Users\Preferred Customer\Documents\cc_20130723_072256.reg
[2013/07/23 07:15:37 | 000,001,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/23 07:15:37 | 000,001,424 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/07/22 17:08:15 | 000,003,031 | ---- | C] () -- C:\Users\Preferred Customer\Desktop\HiJackThis.lnk
[2013/07/22 16:48:41 | 001,062,552 | ---- | C] () -- C:\Users\Preferred Customer\Desktop\Chrome_Setup.exe
[2013/07/22 07:58:06 | 000,011,928 | ---- | C] () -- C:\Users\Preferred Customer\AppData\Roaming\Comma Separated Values (DOS).CAL
[2013/07/18 16:13:09 | 000,001,717 | ---- | C] () -- C:\Users\Preferred Customer\Desktop\Google Drive.lnk
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/11/12 18:13:33 | 000,003,092 | ---- | C] () -- C:\Users\Preferred Customer\NSTS_reg605.prefs
[2012/08/18 19:49:04 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2012/08/18 19:49:04 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2012/08/18 19:49:04 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
[2012/08/03 11:07:36 | 000,007,609 | ---- | C] () -- C:\Users\Preferred Customer\AppData\Local\Resmon.ResmonCfg
[2012/07/26 07:33:54 | 000,011,952 | ---- | C] () -- C:\Users\Preferred Customer\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/06/29 06:43:38 | 019,558,912 | ---- | C] () -- C:\Users\Preferred Customer\GladinetSetup_3.2.690_x64.msi
[2011/03/04 17:15:05 | 000,083,295 | ---- | C] () -- C:\Users\Preferred Customer\ZEM200sf-wf-bf_specs.pdf
[2011/01/12 14:39:54 | 000,000,313 | ---- | C] () -- C:\Users\Preferred Customer\.JMAppsCfg
[2010/10/30 10:44:30 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/22 16:23:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/13 09:31:10 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/13 09:31:10 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E6707A1791.sys
[2010/08/19 10:09:21 | 065,466,368 | ---- | C] () -- C:\Users\Preferred Customer\EJR_Cons (Backup Aug 19,2010 10 09 AM).QBB
[2010/08/08 17:00:52 | 001,836,544 | ---- | C] () -- C:\Users\Preferred Customer\gSyncit_2_1_29.msi
[2010/06/11 06:56:01 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/08 17:40:25 | 000,005,120 | ---- | C] () -- C:\Users\Preferred Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 17:08:50 | 000,000,106 | ---- | C] () -- C:\Users\Preferred Customer\AppData\Local\fusioncache.dat
[2010/01/08 14:31:29 | 150,840,320 | ---- | C] () -- C:\Users\Preferred Customer\faxtalk bu.fta

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2010/09/13 09:27:35 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/07 20:29:18 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\.minecraft
[2010/09/13 09:31:04 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\ACT
[2011/05/24 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\aignes
[2011/05/26 22:08:25 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Amazon
[2012/12/12 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Catalina Marketing Corp
[2011/04/05 08:22:16 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\com.amazon.music.uploader
[2011/02/11 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\CyberMatrix
[2011/05/24 19:01:19 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Darq Software
[2013/07/23 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Dropbox
[2010/02/09 12:59:58 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Efficient To-Do List Free
[2010/08/15 07:12:37 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\FinalTorrent
[2013/03/24 07:58:51 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\GARMIN
[2013/07/23 07:33:37 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\gSyncit
[2012/11/08 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\ID Vault
[2011/11/03 09:17:25 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\InfraRecorder
[2010/09/13 09:31:09 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\IsolatedStorage
[2010/01/13 19:03:07 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\M8 Software
[2013/05/01 13:18:42 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\MediaMonkey
[2012/12/21 04:24:14 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\mjusbsp
[2013/04/06 08:47:05 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Mp3tag
[2010/01/26 19:42:01 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\NeuLion
[2010/10/29 15:09:40 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\PC-FAX TX
[2010/01/12 18:04:46 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Pixela
[2010/03/17 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\proDAD
[2013/04/23 08:45:50 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Samsung
[2010/01/16 16:29:03 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\SanDisk
[2010/09/02 13:09:22 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\ScanSoft
[2011/01/18 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\SystemRequirementsLab
[2013/06/28 09:59:45 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Tonido
[2012/01/16 09:59:34 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\TonidoSyncData
[2010/01/14 11:23:23 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Ulead Systems
[2013/06/18 09:36:53 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Wondershare
[2010/09/02 13:09:30 | 000,000,000 | ---D | M] -- C:\Users\Preferred Customer\AppData\Roaming\Zeon

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A0CB5C3C

< End of report >
  • 0

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Far as I know that is the Chrome install file. If you still have it you can submit it to virustotal.com and see what they say.

Don't see any malware in your logs.
If worried try a free on-line Scan with ESET:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.
  • 0

#3
eddieras

eddieras

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
thanks so much for the reply. i will check out eset too. what really made me nervous is literally as i'm hitting "OK" i see the fine print stating they are not affiliated with google! i still can't believe i did this- very embarrassing!!
  • 0

#4
eddieras

eddieras

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
i ran the scan and it found the following -

C:\Users\Preferred Customer\Desktop\Chrome_Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

actually, now that i look at what it found that is the exe file i downloaded and installed by mistake - the chrome_setup file as mentioned in my original post. so it found the exe on my desktop from the download but what happened when i executed the file??

Edited by eddieras, 23 July 2013 - 09:38 PM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
It's adware so not so bad. It appears to be related to Optimum Installer. If you are infected then if you download something that needs to be installed it's possible that it might take the place of the usual installer and offer you some foistware along with the download / install. (Not to be confused with the foistware that Java, Adobe, and Skype offer you when you upgrade.) Give it a try with something easy like the Hijackthis program:

http://www.filehippo...oad_hijackthis/

I just checked it and there are no foistware programs included in the download. You can uninstall Hijackthis afterward.
  • 0

#6
eddieras

eddieras

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
thanks once again - i really appreciate it. i tried using hijackthis but it won't save a log file to analyze and it says 'no internet connection'. but i guess i can stop worrying! thanks again!
  • 0
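
In the OTL log posted in this thread, Chrome_Setup.exe appears with an empty company field, while the vendor installers listed near it carry one. As an added example (not part of the thread and not OTL's own code), this Python parses OTL's file-listing lines and lists recently created or modified program files in a user profile that have no company name. The function names, the extension set and the 30-day window are assumptions; a hit is a reason to check the file, for instance on virustotal.com as suggested above, not a verdict.

```python
import ntpath
import re
from datetime import datetime, timedelta

# OTL file-listing line: [timestamp | size | attrs | C or M] (Company) -- path
# Folder entries carry no "(Company)" group at all.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
PE_EXTENSIONS = {".exe", ".scr", ".com"}  # assumption: program files worth a look

# Lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2013/07/23 07:28:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Preferred Customer\Desktop\OTL.exe
[2013/07/23 07:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/07/22 16:48:41 | 001,062,552 | ---- | C] () -- C:\Users\Preferred Customer\Desktop\Chrome_Setup.exe
[2013/07/23 07:23:01 | 000,278,336 | ---- | C] () -- C:\Users\Preferred Customer\Documents\cc_20130723_072256.reg
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010/03/02 10:41:50 | 000,923,424 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Preferred Customer\chromeinstall-6u18.exe
[2013/07/22 19:31:32 | 3139,072,000 | -HS- | M] () -- C:\hiberfil.sys
"""


def parse_entries(text):
    """Yield one dict per file or folder line; other log lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        yield {
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        }


def triage(text, as_of, days=30):
    """Return paths of recent program files in a user profile with no company name."""
    cutoff = as_of - timedelta(days=days)
    hits = []
    for e in parse_entries(text):
        ext = ntpath.splitext(e["path"])[1].lower()
        in_profile = "\\users\\" in e["path"].lower()
        if (not e["is_dir"] and ext in PE_EXTENSIONS and not e["company"]
                and in_profile and cutoff <= e["when"] <= as_of):
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    # as_of is the log creation time from the OTL header in the first post.
    for path in triage(SAMPLE_LOG, as_of=datetime(2013, 7, 23, 7, 34, 53)):
        print("review:", path)
```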





