iDayzKilla

I have Trojan.0Access and I can't get rid of it!

92 posts in this topic

ComboFix 13-07-09.01 - josh 10/07/2013  16:48:32.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.61.1033.18.3325.1937 [GMT 10:00]

Running from: c:\users\josh\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~1\FREEWO~1\FREEwo~1.dll

c:\users\josh\AppData\Local\Temp\Rar$EXa0.651\hw.exe

c:\users\josh\AppData\Roaming\Roaming

c:\users\josh\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst

c:\users\Williams\AppData\Roaming\DataSafeDotNet.exe

c:\users\Williams\Documents\~WRL0005.tmp

c:\users\Williams\Documents\~WRL2295.tmp

c:\windows\security\Database\tmp.edb

c:\windows\system32\frapsvid.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))

.

.

2013-07-10 07:05 . 2013-07-10 07:09 -------- d-----w- c:\users\josh\AppData\Local\temp

2013-07-10 07:05 . 2013-07-10 07:05 -------- d-----w- c:\users\Williams\AppData\Local\temp

2013-07-10 07:05 . 2013-07-10 07:05 -------- d-----w- c:\users\Ken\AppData\Local\temp

2013-07-10 05:00 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E888C58-2445-4BCE-9BCF-93F61A78F209}\mpengine.dll

2013-07-09 06:58 . 2013-07-09 06:58 -------- d-----w- c:\users\josh\AppData\Roaming\Quest3D

2013-07-09 06:56 . 2013-07-09 06:56 -------- d-----w- c:\program files\NVIDIA Corporation

2013-07-09 00:47 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-08 08:41 . 2013-07-08 08:41 -------- d-----w- c:\users\josh\AppData\Local\Unity

2013-07-07 01:18 . 2013-07-07 01:23 193 ----a-w- c:\windows\DeleteOnReboot.bat

2013-07-07 01:12 . 2013-07-07 01:12 -------- d-----w- c:\windows\ERUNT

2013-07-07 01:11 . 2013-07-07 01:11 -------- d-----w- C:\JRT

2013-07-06 23:28 . 2013-07-06 23:28 -------- d-----w- c:\users\josh\AppData\Roaming\Uniblue

2013-07-03 21:49 . 2013-07-03 21:49 -------- d-----w- c:\programdata\McAfee Security Scan

2013-07-03 21:47 . 2013-07-03 21:47 -------- d-----w- c:\program files\LogMeIn Hamachi

2013-07-03 07:44 . 2013-07-03 07:44 -------- d-----w- c:\users\josh\AppData\Roaming\HPAppData

2013-07-03 07:43 . 2013-07-03 07:43 -------- d-----w- c:\program files\AMD APP

2013-07-03 07:36 . 2013-07-03 07:36 -------- d-----w- c:\program files\ATI

2013-07-03 07:35 . 2013-07-03 07:35 -------- d-----w- C:\AMD

2013-07-03 06:50 . 2013-07-04 01:23 -------- d-----w- C:\@RestoreQuarantine

2013-07-03 03:20 . 2013-07-03 03:20 -------- d-----w- C:\BackSys

2013-07-02 22:59 . 2013-07-02 22:59 40208 ----a-w- c:\windows\system32\Partizan.exe

2013-07-02 22:59 . 2013-07-02 22:59 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2013-07-02 22:24 . 2013-07-10 07:09 -------- d-----w- c:\programdata\RegRun

2013-07-02 22:24 . 2013-07-02 22:24 32290 ----a-w- c:\windows\system32\drivers\Partizan.sys

2013-07-02 22:24 . 2013-07-02 22:24 2 --shatr- c:\windows\winstart.bat

2013-07-02 22:24 . 2013-06-04 02:23 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2013-07-02 22:24 . 2013-07-03 05:53 -------- d-----w- c:\program files\UnHackMe

2013-07-02 09:36 . 2013-07-02 09:40 -------- d-----w- c:\program files\BreakingNews

2013-07-02 09:34 . 2013-07-02 09:34 -------- d-----w- c:\users\josh\AppData\Local\TopArcadeHits

2013-07-01 15:35 . 2013-07-01 12:44 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54B1D383-4166-46AA-8AAC-D9BC7625F866}\gapaengine.dll

2013-07-01 12:12 . 2013-07-01 12:12 -------- d-----w- C:\9a65bd9af90ba97ce36c19

2013-07-01 12:05 . 2013-07-01 12:07 -------- d-----w- c:\program files\Microsoft Security Client

2013-07-01 11:25 . 2013-07-01 11:25 -------- d-----w- c:\users\josh\AppData\Roaming\Malwarebytes

2013-07-01 06:44 . 2013-07-01 06:44 -------- d-----w- c:\users\Williams\AppData\Roaming\Malwarebytes

2013-07-01 06:43 . 2013-07-01 06:43 -------- d-----w- c:\programdata\Malwarebytes

2013-07-01 06:43 . 2013-07-01 06:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-01 06:43 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-01 06:42 . 2013-07-01 06:42 -------- d-----w- c:\programdata\1E1A5

2013-07-01 00:49 . 2013-07-01 00:49 -------- d-----w- c:\users\josh\AppData\Local\Macromedia

2013-07-01 00:48 . 2013-07-01 00:48 -------- d-----w- c:\users\josh\AppData\Local\Mozilla

2013-06-29 05:26 . 2013-06-29 05:26 -------- d-----w- c:\users\josh\AppData\Roaming\MotioninJoy

2013-06-29 05:26 . 2009-11-24 05:29 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys

2013-06-29 05:26 . 2009-09-11 02:47 255496 ----a-w- c:\windows\system32\MijFrc.dll

2013-06-29 05:26 . 2013-06-29 05:27 99400 ----a-w- c:\windows\system32\drivers\MijXfilt.sys

2013-06-28 23:40 . 2007-06-29 04:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys

2013-06-28 23:40 . 2013-06-28 23:40 -------- d-----w- c:\program files\AMD

2013-06-28 23:39 . 2013-07-09 06:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2013-06-25 06:31 . 2013-07-04 23:58 -------- d-----w- c:\program files\McAfee Security Scan

2013-06-25 06:28 . 2013-06-25 06:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-06-21 06:39 . 2013-06-21 06:39 -------- d-----w- c:\users\josh\AppData\Roaming\.StarMade

2013-06-18 11:43 . 2013-06-18 11:43 -------- d-----w- c:\users\josh\AppData\Roaming\3909 LLC

2013-06-17 12:00 . 2013-06-17 12:00 -------- d-----w- c:\users\josh\AppData\Local\IsolatedStorage

2013-06-15 09:10 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe

2013-06-11 21:13 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll

2013-06-11 21:13 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe

2013-06-11 21:13 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-11 21:13 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-11 21:13 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll

2013-06-11 21:13 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll

2013-06-11 21:13 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll

2013-06-11 21:13 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-11 21:13 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-06-11 21:12 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-11 21:12 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-11 21:12 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-25 06:24 . 2012-05-12 23:10 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-06-25 06:24 . 2011-11-05 20:14 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-13 07:39 . 2012-11-11 06:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-13 07:39 . 2012-11-11 06:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-12 01:43 . 2013-05-15 08:23 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-05-28 07:58 . 2013-04-11 01:15 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2013-05-28 07:58 . 2013-05-28 07:46 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr

2013-05-28 07:58 . 2013-04-11 01:15 282104 ----a-w- c:\windows\system32\PnkBstrB.exe

2013-05-28 07:42 . 2013-04-11 01:15 138056 ----a-w- c:\users\josh\AppData\Roaming\PnkBstrK.sys

2013-05-28 07:41 . 2013-04-11 01:15 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2013-05-22 12:15 . 2013-05-22 12:16 18584 ----a-w- c:\windows\system32\drivers\evolve.sys

2013-05-13 10:53 . 2009-08-18 01:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 15:28 . 2009-10-31 05:22 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-15 14:20 . 2013-05-15 00:13 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-13 10:56 . 2013-05-15 00:13 37376 ----a-w- c:\windows\system32\cdd.dll

2012-07-31 23:29 . 2011-12-25 07:52 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E}]

2013-06-03 08:17 373904 ----a-w- c:\program files\BreakingNews\ScriptHost.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Steam"="c:\program files\Steam\steam2\steam.exe" [2013-07-10 1672616]

"Desura"="c:\program files\Desura\desura.exe" [2012-11-24 2529096]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Dxtory Update Checker 2.0"="c:\program files\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]

"EvolveClient"="c:\program files\Echobit\Evolve\EvolveClient.exe" [2013-07-04 2708440]

"BreakingNews"="c:\program files\BreakingNews\BreakingNews\DesktopContainer.exe" [2013-06-26 572048]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-20 19875432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6609440]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-19 3810304]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-08-23 1890304]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]

.

c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

.

c:\users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-07-01 15:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-13 81920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - Partizan

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-18 21:23 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2011-06-18 21:02 114176 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 13:05]

.

2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000Core.job

- c:\users\Williams\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 23:55]

.

2013-07-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000UA.job

- c:\users\Williams\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-18 23:55]

.

2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 01:05]

.

2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-30 01:05]

.

2013-07-09 c:\windows\Tasks\Norton Security Scan for Williams.job

- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-14 16:30]

.

2013-07-10 c:\windows\Tasks\TopArcadeHits.job

- c:\users\josh\AppData\Local\TopArcadeHits\updater.exe [2013-07-02 09:34]

.

.

------- Supplementary Scan -------

.




IE: {{45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2} -

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

FF - ProfilePath - c:\users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\

FF - prefs.js: browser.startup.homepage - 

FF - ExtSQL: 2013-05-17 18:16; {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

FF - ExtSQL: 2013-06-30 10:51; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn

FF - ExtSQL: 2013-07-01 08:23; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe

HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe

HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe

SafeBoot-64454901.sys

SafeBoot-81080568.sys

SafeBoot-WudfPf

SafeBoot-WudfRd

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-BattlEye for A2 - c:\program files\Steam\steam2\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

AddRemove-FarmingSimulator2013DemoEN_is1 - c:\program files\Farming Simulator 2013 Demo\unins000.exe

AddRemove-Fraps - c:\fraps\uninstall.exe

AddRemove-Picasa 3 - c:\users\josh\Desktop\Picasa3\Uninstall.exe

AddRemove-Steam App 42690 - c:\program files\Steam\steam.exe

AddRemove-Steam App 42910 - c:\program files\Steam\steam.exe

AddRemove-Xfire - c:\users\josh\Desktop\Xfire\uninst.exe

AddRemove-Zoom Downloader - c:\program files\Zoom Downloader\uninstall.exe

AddRemove-{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1 - c:\program files\MotioninJoy\unins000.exe

AddRemove-{cb6d194b-149b-4e28-9b6b-fd0bdaa2aa7c}_is1 - c:\program files\DownTangoLauncherToolbar\unins001.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-07-10 17:09

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

.

c:\users\josh\AppData\Roaming\Microsoft\Windows\Cookies\1UK7P2IU.txt

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]

"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\atiesrxx.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\windows\system32\atieclxx.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\FreeWordHelper\FreeWordHelperUpdt.exe

c:\program files\LogMeIn Hamachi\hamachi-2.exe

c:\windows\system32\PnkBstrB.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Common Files\Steam\SteamService.exe

c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnscfg.exe

.

**************************************************************************

.

Completion time: 2013-07-10  17:18:22 - machine was rebooted

ComboFix-quarantined-files.txt  2013-07-10 07:18

.

Pre-Run: 74,509,103,104 bytes free

Post-Run: 75,847,147,520 bytes free

.

- - End Of File - - 9FD560F6DC658FD0EDA919125AD5FC45

5C616939100B85E558DA92B899A0FC36


Please uninstall this application: TopArcadeHits and next:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


I turned my PC on and a message came up saying "The recycle bin on C:\ is corrupted. Do you want to empty bin for this drive?" I clicked yes and one file couldn't be deleted, called Antimalwere, and I did a scan on it with Malwarebytes and this is the log. I'm not sure how to get rid of it.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.07.10.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
josh :: WILLIAMS-PC [administrator]
 
Protection: Enabled
 
10/07/2013 7:48:36 PM
mbam-log-2013-07-10 (19-48-36).txt
 
Scan type: Custom scan (C:\Users\josh\Desktop\Recycle Bin - Shortcut.lnk|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


And I can't get rid of a popup that pops up when I turn my PC on. In Task Manager it's called DesktopContainer.exe.


Please uninstall this application: BreakingNews, reboot and let me know.


I have tried to uninstall BreakingNews and I only have the option to change it; I can't uninstall it.

C:\found.001\dir0000.chk\wajam_adknowledge[1].exe Win32/Wajam.A application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined

C:\Program Files\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\Extension32.dll a variant of Win32/Toolbar.Perion.A application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\ExtensionUpdaterService.exe a variant of Win32/Toolbar.Perion.C application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\InstallerHelper.dll a variant of Win32/Toolbar.Perion.B application cleaned by deleting - quarantined

C:\Program Files\~Web Assistant\source.crx Win32/Toolbar.Perion.D application deleted - quarantined

C:\Program Files\~Web Assistant\Firefox\chrome\content\main.js Win32/Toolbar.Perion.D application cleaned by deleting - quarantined

C:\Users\josh\Desktop\cbsidlm-tr1_13-UnHackMe-ORG-68786.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined

C:\Users\josh\Desktop\Minecraft Launcher by AnjoCaido.exe a variant of Win32/4Shared.D application cleaned by deleting - quarantined

C:\Users\josh\Desktop\my stuff\stuff stuff stuff\MY STUFF\PROGRAMS\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\josh\Downloads\bs_ScreenFlow.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\josh\Downloads\Download.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined

C:\Users\josh\Downloads\Hack-Dayz (1).exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\Hack-Dayz (2).exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\Hack-Dayz.exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\installer_gta-sanandreas_English.exe a variant of Win32/Vittalia.E application cleaned by deleting - quarantined

C:\Users\josh\Downloads\SoftonicDownloader_for_farming-simulator-2013.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

C:\Users\josh\Downloads\TIMMUR-HAX-Updated 1.7.4.4 be 1.185.exe a variant of MSIL/PSW.Agent.NID trojan cleaned by deleting - quarantined

C:\Users\josh\Downloads\xfire_installer_46071.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\josh\Downloads\Terraria\Terraria.v1.0.4.cracked-THETA.rar a variant of Win32/HackTool.Crack.B application deleted - quarantined

C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1\background.html JS/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\Users\Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_1\yl.js JS/Adware.Yontoo.A application cleaned by deleting - quarantined

C:\Users\Williams\Desktop\CheatEngine62.exe multiple threats cleaned by deleting - quarantined

C:\Users\Williams\Desktop\SoftonicDownloader_for_slender.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined

C:\Users\Williams\Desktop\computer stuff\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe multiple threats cleaned by deleting - quarantined

C:\Users\Williams\Desktop\minecraft server al3\softonic_ggl_1.6.4.3.exe Win32/Toolbar.Funmoods application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\ac3filter_app_1200.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\BandooV5.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\dexpot_161_r2121.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\DownloadSetup.exe Win32/InstallMate.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\FastDownload.exe Win32/InstallMate.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\installer_7-zip.exe multiple threats cleaned by deleting - quarantined

C:\Users\Williams\Downloads\Installer_Regwork.exe a variant of Win32/Adware.RegRevive application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\jenkatarcade.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\PCHealthDoc_Unzip.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SoftonicDownloader_for_call-of-duty-4.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SoftonicDownloader_for_steam.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SweetImSetup (1).exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SweetImSetup (2).exe a variant of Win32/SweetIM.C application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined

C:\Users\Williams\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined

C:\Windows\Installer\512167a.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined

C:\Windows\Installer\89ad046.msi a variant of Win32/Toolbar.Linkury.A application deleted - quarantined


How are things there after ESET Online Scanner?


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Is it normal that my internet on the computer has gotten very slow?


I don't know. There could be many reasons, both software and hardware.

OTL logfile created on: 11/07/2013 8:22:18 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\josh\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

 

3.25 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 57.23% Memory free

6.72 Gb Paging File | 4.52 Gb Available in Paging File | 67.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 581.11 Gb Total Space | 76.94 Gb Free Space | 13.24% Space Free | Partition Type: NTFS

Drive D: | 15.00 Gb Total Space | 9.74 Gb Free Space | 64.91% Space Free | Partition Type: NTFS

 

Computer Name: WILLIAMS-PC | User Name: josh | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/07/11 19:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe

PRC - [2013/07/10 11:56:22 | 000,559,016 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2013/07/10 11:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam2\Steam.exe

PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2013/05/28 23:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe

PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/03/05 17:47:14 | 007,330,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgmfapx.exe

PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2013/01/27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe

PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe

PRC - [2012/11/17 06:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012/11/17 06:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe

PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe

PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe

PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe

PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe

PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe

PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

PRC - [2011/12/16 16:51:54 | 001,778,176 | ---- | M] () -- C:\Program Files\FreeWordHelper\FreeWordHelperUpdt.exe

PRC - [2010/09/03 16:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe

PRC - [2009/08/24 08:43:18 | 001,890,304 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe

PRC - [2009/06/03 13:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/09 18:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/01/30 02:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/01/13 20:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2008/01/21 12:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe

PRC - [2008/01/21 12:23:43 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/10 11:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\chromehtml.dll

MOD - [2013/07/10 07:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\libcef.dll

MOD - [2013/07/02 02:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files\Steam\steam2\SDL2.dll

MOD - [2013/06/15 09:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\avcodec-53.dll

MOD - [2013/06/15 09:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\avformat-53.dll

MOD - [2013/06/15 09:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\steam2\bin\avutil-51.dll

MOD - [2013/05/17 07:53:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll

MOD - [2013/05/17 07:49:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll

MOD - [2013/05/17 07:49:21 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll

MOD - [2013/05/17 07:49:03 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll

MOD - [2013/05/17 07:48:40 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll

MOD - [2013/02/16 16:33:59 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll

MOD - [2013/02/16 16:33:49 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d186bf251ae14af93b3a943d472ee9f5\System.Web.Services.ni.dll

MOD - [2013/01/11 02:39:53 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll

MOD - [2013/01/11 02:37:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll

MOD - [2013/01/11 02:37:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll

MOD - [2013/01/11 02:37:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll

MOD - [2013/01/11 02:36:52 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll

MOD - [2013/01/11 02:35:36 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll

MOD - [2013/01/11 02:35:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll

MOD - [2012/11/17 05:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll

MOD - [2012/11/16 15:09:18 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/07/02 01:50:31 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:31 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:31 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:30 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2009/07/02 01:50:30 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2009/07/02 01:50:30 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2009/07/02 01:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2009/07/02 01:50:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2009/07/02 01:50:29 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2009/07/02 01:50:28 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2009/07/02 01:50:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2009/07/02 01:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2009/07/02 01:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2009/07/02 01:50:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2009/07/02 01:50:28 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

MOD - [2009/07/02 01:50:28 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll

MOD - [2009/07/02 01:50:28 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2009/07/02 01:50:27 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2009/07/02 01:50:27 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2009/07/02 01:50:27 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2009/07/02 01:50:27 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2009/07/02 01:50:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll

MOD - [2009/07/02 01:50:27 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll

MOD - [2009/07/02 01:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll

MOD - [2009/07/02 01:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2009/07/02 01:50:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2009/07/02 01:50:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2009/07/02 01:50:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2009/07/02 01:50:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2009/06/28 00:29:34 | 000,439,296 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll

MOD - [2009/04/09 18:29:00 | 001,762,032 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/04/09 18:29:00 | 000,263,920 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll

MOD - [2009/04/09 18:29:00 | 000,132,336 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/04/09 18:29:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll

MOD - [2009/04/09 18:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll

MOD - [2009/04/09 18:29:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll

MOD - [2009/01/19 19:41:52 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

========== Services (SafeList) ==========

SRV - [2013/07/10 11:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/07/05 09:44:46 | 001,495,512 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)

SRV - [2013/06/28 14:02:04 | 001,440,080 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/05/28 23:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)

SRV - [2012/11/24 11:18:02 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files\Common Files\Desura\desura_service.exe -- (Desura Install Service)

SRV - [2012/11/17 06:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/08/01 09:29:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/12/16 16:51:54 | 001,778,176 | ---- | M] () [Auto | Running] -- C:\Program Files\FreeWordHelper\FreeWordHelperUpdt.exe -- (FreeWordHelper)

SRV - [2010/09/03 16:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/07/02 01:54:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/01/30 02:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2009/01/13 20:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)

SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys -- (X6XSEx_Pr143)

DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kkhlafex.sys -- (kkhlafex)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/07/11 15:27:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68AECD3A-7458-4361-B541-A3A96671453F}\MpKsl5a67bc44.sys -- (MpKsl5a67bc44)

DRV - [2013/06/29 15:27:11 | 000,099,400 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV - [2013/05/22 22:15:28 | 000,018,584 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\evolve.sys -- (EvolveVirtualAdapter)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/11/17 07:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2012/11/17 07:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2012/11/17 07:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012/11/17 05:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)

DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)

DRV - [2012/02/23 22:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)

DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2009/08/29 12:51:51 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)

DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/01/19 19:40:58 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2009/01/13 22:39:40 | 000,138,240 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/11/05 09:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})

DRV - [2008/04/03 22:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2008/01/21 12:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{52AC9703-45DB-48CB-A233-DFB87D488AF3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{54C213C6-A9BA-4FA8-8613-A96262987179}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{65478155-B43B-4152-9DB2-D9029124ED8C}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{A085142A-1794-4EBD-991E-894EEC4E13B8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\SearchScopes\{EED74EFB-6793-4D8C-867D-875B47980146}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9

IE - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: 

FF - prefs.js..browser.search.defaultenginename: "Google" 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\josh\Desktop\Picasa3\npPicasa3.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@news.net/npapi: C:\Program Files\BreakingNews\npapi.dll (news.net)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\josh\AppData\Local\Roblox\Versions\version-bac2ef28b67142d0\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\josh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/01 19:23:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/07 09:22:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/07 09:22:58 | 000,000,000 | ---D | M]

 

[2013/07/02 19:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\Extensions

[2013/07/10 20:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\Extensions

[2013/07/02 19:40:14 | 000,000,000 | ---D | M] (news.net) -- C:\Users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\Extensions\news@news.net

[2013/07/03 16:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/06/15 11:33:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/09/18 19:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/05/17 18:16:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

[2013/06/15 11:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013/06/15 11:33:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/08/01 09:29:16 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/07 23:57:20 | 000,075,776 | ---- | M] (Free Word Help) -- C:\Program Files\mozilla firefox\plugins\npFreeWordHelper.dll

[2012/04/24 17:20:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/04/24 17:20:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2009/04/07 12:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober703666315.gif

[2009/12/18 05:46:46 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober703666315.src

 

========== Chrome  ==========

 

CHR - default_search_provider: Mixi.DJ Search (Enabled)

CHR - default_search_provider: search_url = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=669D0000A1F8C1A8&affID=121136&tsp=4931

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll

CHR - plugin: widdit (Enabled) = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah\1.4_0\npwiddit.dll

CHR - plugin: Free Word Help (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npFreeWordHelper.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\josh\AppData\Local\Roblox\Versions\version-470c28140c5148c2\\NPRobloxProxy.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: news.net = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai\1.0.12_0\

 

O1 HOSTS File: ([2013/07/10 17:07:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\BreakingNews\ScriptHost.dll ()

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)

O3 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [breakingNews] C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe (International News Network Limited)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [Desura] C:\Program Files\Desura\desura.exe (Desura Pty Ltd)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [Dxtory Update Checker 2.0] C:\Program Files\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [EvolveClient] C:\Program Files\Echobit\Evolve\EvolveClient.exe (Echobit LLC)

O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [steam] C:\Program Files\Steam\steam2\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.25.2)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{478B4304-BA1B-4DBB-BEC8-D3389FCF3CB6}: DhcpNameServer = 10.143.147.147 10.143.147.148

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB062B98-9986-4F2B-9B17-5EC7862F454C}: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/07/11 19:43:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe

[2013/07/10 21:46:23 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\key changer

[2013/07/10 20:39:19 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\AVG2013

[2013/07/10 20:37:16 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\TuneUp Software

[2013/07/10 20:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/07/10 20:35:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2013/07/10 20:33:46 | 000,000,000 | -H-D | C] -- C:\$AVG

[2013/07/10 20:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013/07/10 20:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2013/07/10 20:21:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/07/10 20:21:02 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\MFAData

[2013/07/10 20:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/07/10 20:21:02 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Avg2013

[2013/07/10 20:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013/07/10 20:11:18 | 002,347,384 | ---- | C] (ESET) -- C:\Users\josh\Desktop\esetsmartinstaller_enu.exe

[2013/07/10 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\New Folder (5)

[2013/07/10 17:24:24 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/07/10 17:24:23 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\temp

[2013/07/10 16:39:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/07/09 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Quest3D

[2013/07/09 16:58:15 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\ShipSimExtremesDemo Userdata

[2013/07/09 16:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2013/07/08 18:41:56 | 000,643,592 | ---- | C] (Unity Technologies ApS) -- C:\Users\josh\Desktop\UnityWebPlayer.exe

[2013/07/08 18:41:34 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Unity

[2013/07/07 11:35:07 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\tdsskiller (1).exe

[2013/07/07 11:12:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/07/07 11:11:19 | 000,000,000 | ---D | C] -- C:\JRT

[2013/07/07 11:11:10 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\josh\Desktop\JRT.exe

[2013/07/07 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Uniblue

[2013/07/05 09:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2013/07/05 09:43:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\josh\Desktop\dds.com

[2013/07/04 15:21:58 | 001,492,584 | ---- | C] (Skype Technologies S.A.) -- C:\Users\josh\Desktop\SkypeSetup (1).exe

[2013/07/04 09:34:38 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\malwerebytes logs

[2013/07/04 07:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2013/07/04 07:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2013/07/04 07:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2013/07/03 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\HPAppData

[2013/07/03 17:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP

[2013/07/03 17:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2013/07/03 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2013/07/03 17:35:08 | 000,000,000 | ---D | C] -- C:\AMD

[2013/07/03 17:23:29 | 000,792,704 | ---- | C] (AMD) -- C:\Users\josh\Desktop\amddriverdownloader.exe

[2013/07/03 16:50:44 | 000,000,000 | ---D | C] -- C:\@RestoreQuarantine

[2013/07/03 13:20:14 | 000,000,000 | ---D | C] -- C:\BackSys

[2013/07/03 08:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun

[2013/07/03 08:24:37 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\RegRun2

[2013/07/03 08:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe

[2013/07/02 19:40:31 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreakingNews

[2013/07/02 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\BreakingNews

[2013/07/02 07:59:58 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\new minecraft

[2013/07/01 22:12:03 | 000,000,000 | ---D | C] -- C:\9a65bd9af90ba97ce36c19

[2013/07/01 22:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/07/01 21:25:32 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Malwarebytes

[2013/07/01 16:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/07/01 16:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/07/01 16:43:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/07/01 16:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/07/01 16:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\1E1A5

[2013/07/01 10:49:30 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Macromedia

[2013/07/01 10:48:36 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\Mozilla

[2013/06/29 15:26:06 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\MotioninJoy

[2013/06/29 15:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy

[2013/06/29 15:26:05 | 000,099,400 | ---- | C] (MotioninJoy) -- C:\Windows\System32\drivers\MijXfilt.sys

[2013/06/29 09:40:12 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys

[2013/06/29 09:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD

[2013/06/29 09:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2013/06/26 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\Euro Truck Simulator 2

[2013/06/25 16:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2013/06/25 07:51:17 | 000,000,000 | ---D | C] -- C:\Users\josh\Documents\DeadIsland

[2013/06/23 10:31:31 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\New Folder (4)

[2013/06/21 16:48:31 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\StarMade

[2013/06/21 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\Slendytubbies V2 Beta

[2013/06/21 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\.StarMade

[2013/06/18 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\3909 LLC

[2013/06/18 21:38:50 | 000,000,000 | ---D | C] -- C:\Users\josh\Desktop\papers please

[2013/06/17 22:00:11 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Local\IsolatedStorage

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/07/11 20:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/11 20:21:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/11 19:59:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/07/11 19:59:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/07/11 19:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\josh\Desktop\OTL.exe

[2013/07/11 19:00:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000UA.job

[2013/07/11 16:12:00 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Williams.job

[2013/07/11 14:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/11 09:59:59 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287801049-2637330249-1735968051-1000Core.job

[2013/07/10 20:37:16 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/07/10 20:11:39 | 002,347,384 | ---- | M] (ESET) -- C:\Users\josh\Desktop\esetsmartinstaller_enu.exe

[2013/07/10 19:57:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/07/10 19:57:23 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/10 17:07:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/07/10 14:33:48 | 000,000,085 | ---- | M] () -- C:\Users\josh\Desktop\fun stuff.bat

[2013/07/09 16:09:16 | 000,000,222 | ---- | M] () -- C:\Users\josh\Desktop\Ship Simulator Extremes Demo.url

[2013/07/08 18:36:42 | 000,643,592 | ---- | M] (Unity Technologies ApS) -- C:\Users\josh\Desktop\UnityWebPlayer.exe

[2013/07/07 11:31:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\josh\Desktop\tdsskiller (1).exe

[2013/07/07 11:23:13 | 000,000,193 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/07/07 11:14:04 | 000,650,027 | ---- | M] () -- C:\Users\josh\Desktop\AdwCleaner.exe

[2013/07/07 09:38:16 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\josh\Desktop\JRT.exe

[2013/07/06 15:17:02 | 000,000,221 | ---- | M] () -- C:\Users\josh\Desktop\Killing Floor.url

[2013/07/06 09:19:56 | 000,000,680 | ---- | M] () -- C:\Users\josh\AppData\Local\d3d9caps.dat

[2013/07/05 09:58:27 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2013/07/05 09:41:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\josh\Desktop\dds.com

[2013/07/04 15:20:44 | 001,492,584 | ---- | M] (Skype Technologies S.A.) -- C:\Users\josh\Desktop\SkypeSetup (1).exe

[2013/07/04 07:47:43 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

[2013/07/03 17:21:18 | 000,792,704 | ---- | M] (AMD) -- C:\Users\josh\Desktop\amddriverdownloader.exe

[2013/07/03 13:28:41 | 000,632,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/07/03 13:28:41 | 000,118,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/07/03 08:24:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013/07/03 08:24:42 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt

[2013/07/03 08:24:42 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat

[2013/07/01 22:08:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/07/01 16:43:58 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/07/01 16:25:38 | 000,000,557 | ---- | M] () -- C:\Windows\System32\MyDefrag.debuglog

[2013/06/29 21:01:28 | 011,181,219 | ---- | M] () -- C:\Users\josh\Desktop\ARMA2_OA_Build_105785.zip

[2013/06/29 15:38:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf

[2013/06/29 15:38:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2013/06/29 15:27:11 | 000,099,400 | ---- | M] (MotioninJoy) -- C:\Windows\System32\drivers\MijXfilt.sys

[2013/06/29 15:26:10 | 000,000,937 | ---- | M] () -- C:\Users\josh\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk

[2013/06/29 15:16:24 | 001,964,304 | ---- | M] () -- C:\Users\josh\Desktop\MotioninJoy_050002_x86.zip

[2013/06/29 14:59:33 | 000,000,223 | ---- | M] () -- C:\Users\josh\Desktop\Cry of Fear.url

[2013/06/29 08:44:44 | 000,000,222 | ---- | M] () -- C:\Users\josh\Desktop\Moonbase Alpha.url

[2013/06/25 22:35:17 | 000,000,223 | ---- | M] () -- C:\Users\josh\Desktop\Euro Truck Simulator 2 Demo.url

[2013/06/25 09:04:43 | 003,020,770 | ---- | M] () -- C:\Users\josh\Desktop\TechnicLauncher.exe

[2013/06/24 21:09:25 | 000,000,222 | ---- | M] () -- C:\Users\josh\Desktop\Dead Island.url

[2013/06/23 21:08:39 | 000,000,196 | ---- | M] () -- C:\Users\josh\Desktop\Gunpoint Demo.url

[2013/06/21 16:37:04 | 001,142,586 | ---- | M] () -- C:\Users\josh\Desktop\StarMade-starter.exe

[2013/06/18 17:07:05 | 000,007,380 | ---- | M] () -- C:\Users\josh\Desktop\minecraft- worst server ever.xej

[2013/06/18 17:00:02 | 000,001,284 | ---- | M] () -- C:\Users\josh\Desktop\minecraft-worst server ever.lnk

[2013/06/18 16:54:21 | 005,928,662 | ---- | M] () -- C:\Users\josh\Desktop\iDayzkilla intro.wmv

[2013/06/18 16:54:04 | 000,012,288 | ---- | M] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/06/17 22:26:31 | 146,144,976 | ---- | M] () -- C:\Users\josh\Desktop\ScreenCapture_17-06-2013 10.25.00 PM.xesc

[2013/06/13 16:08:03 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/07/10 20:37:16 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/07/10 14:35:50 | 000,000,085 | ---- | C] () -- C:\Users\josh\Desktop\fun stuff.bat

[2013/07/09 16:09:16 | 000,000,222 | ---- | C] () -- C:\Users\josh\Desktop\Ship Simulator Extremes Demo.url

[2013/07/07 11:18:14 | 000,000,193 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013/07/07 11:16:52 | 000,650,027 | ---- | C] () -- C:\Users\josh\Desktop\AdwCleaner.exe

[2013/07/06 15:17:02 | 000,000,221 | ---- | C] () -- C:\Users\josh\Desktop\Killing Floor.url

[2013/07/03 08:24:42 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat

[2013/07/01 22:07:50 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/07/01 16:43:58 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/29 21:03:10 | 011,181,219 | ---- | C] () -- C:\Users\josh\Desktop\ARMA2_OA_Build_105785.zip

[2013/06/29 15:38:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf

[2013/06/29 15:38:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_MijXfilt_01009.Wdf

[2013/06/29 15:26:10 | 000,000,937 | ---- | C] () -- C:\Users\josh\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk

[2013/06/29 15:19:11 | 001,964,304 | ---- | C] () -- C:\Users\josh\Desktop\MotioninJoy_050002_x86.zip

[2013/06/29 14:59:33 | 000,000,223 | ---- | C] () -- C:\Users\josh\Desktop\Cry of Fear.url

[2013/06/29 08:44:43 | 000,000,222 | ---- | C] () -- C:\Users\josh\Desktop\Moonbase Alpha.url

[2013/06/25 22:35:16 | 000,000,223 | ---- | C] () -- C:\Users\josh\Desktop\Euro Truck Simulator 2 Demo.url

[2013/06/25 16:31:33 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2013/06/24 21:09:25 | 000,000,222 | ---- | C] () -- C:\Users\josh\Desktop\Dead Island.url

[2013/06/23 21:08:38 | 000,000,196 | ---- | C] () -- C:\Users\josh\Desktop\Gunpoint Demo.url

[2013/06/21 16:39:07 | 001,142,586 | ---- | C] () -- C:\Users\josh\Desktop\StarMade-starter.exe

[2013/06/18 17:07:04 | 000,007,380 | ---- | C] () -- C:\Users\josh\Desktop\minecraft- worst server ever.xej

[2013/06/18 17:00:02 | 000,001,284 | ---- | C] () -- C:\Users\josh\Desktop\minecraft-worst server ever.lnk

[2013/06/18 16:54:08 | 005,928,662 | ---- | C] () -- C:\Users\josh\Desktop\iDayzkilla intro.wmv

[2013/06/17 22:25:01 | 146,144,976 | ---- | C] () -- C:\Users\josh\Desktop\ScreenCapture_17-06-2013 10.25.00 PM.xesc

[2013/06/15 15:41:07 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys

[2013/06/13 16:08:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2013/04/11 11:15:58 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2013/04/11 11:15:57 | 000,138,056 | ---- | C] () -- C:\Users\josh\AppData\Roaming\PnkBstrK.sys

[2013/04/11 11:15:46 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2013/04/11 11:15:42 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2013/04/11 11:15:40 | 002,793,768 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2013/01/25 15:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\System32\xfcodec.dll

[2013/01/07 10:31:38 | 000,000,552 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d8caps.dat

[2012/11/17 05:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2012/11/16 16:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe

[2012/11/13 16:25:00 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2012/09/30 12:32:53 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe

[2012/09/08 18:48:16 | 000,000,680 | ---- | C] () -- C:\Users\josh\AppData\Local\d3d9caps.dat

[2012/09/08 09:09:52 | 001,145,382 | ---- | C] () -- C:\Users\josh\AppData\Local\Tempmusic.ogg

[2012/09/03 16:43:51 | 000,012,288 | ---- | C] () -- C:\Users\josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/20 08:14:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012/03/07 03:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/09/13 08:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2010/05/30 15:01:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

 

========== ZeroAccess Check ==========

 

[2006/11/02 22:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 03:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 16:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 16:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2013/07/11 16:35:03 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.minecraft

[2013/06/21 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.StarMade

[2013/06/30 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.technic

[2013/04/25 15:49:40 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\.techniclauncher

[2013/06/18 21:43:54 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\3909 LLC

[2013/01/20 08:07:16 | 000,000,000 | -H-D | M] -- C:\Users\josh\AppData\Roaming\669DCF4F

[2013/07/10 20:39:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\AVG2013

[2013/06/04 17:32:50 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Fox Dgital Copy

[2013/04/30 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\ftblauncher

[2012/12/13 15:25:37 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Java

[2013/06/05 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\LolClient

[2013/06/29 15:26:06 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\MotioninJoy

[2012/10/15 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Notepad++

[2012/12/10 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Play withSIX

[2013/07/09 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Quest3D

[2013/06/04 17:54:13 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Riot Games

[2012/09/17 20:13:45 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\six-zsync

[2013/05/20 21:52:39 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\SplitMediaLabs

[2012/12/25 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Stellarium

[2013/03/12 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\TechSmith

[2013/07/10 20:37:16 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\TuneUp Software

[2013/07/07 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\Uniblue

[2013/07/07 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\uTorrent

[2010/05/19 08:35:27 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Canon

[2011/08/06 08:00:28 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\go

[2011/11/23 12:52:59 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\MusicNet

[2011/04/03 18:40:22 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\NetMeter

[2011/11/22 14:09:38 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Template

[2013/07/02 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\.minecraft

[2012/06/14 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\.spoutcraft

[2013/07/05 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\.techniclauncher

[2011/05/01 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Amazon

[2009/07/22 07:57:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Canon

[2012/05/27 09:15:31 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/08/28 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Dexpot

[2013/07/08 16:00:57 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\go

[2013/07/05 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\logs

[2013/06/06 20:04:34 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\LolClient

[2013/01/16 10:03:26 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Media Get LLC

[2011/11/09 16:35:44 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\MusicNet

[2012/01/30 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\NetMeter

[2012/11/27 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Notepad++

[2013/01/09 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\skyz

[2012/07/08 09:24:17 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\SPORE

[2009/07/12 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Template

[2012/03/03 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Uniblue

[2013/06/15 10:59:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\uTorrent

[2009/07/12 17:14:40 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\Windows Live Writer

[2011/11/05 12:42:23 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\WinZip

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6D4F7F2B

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

 

< End of report >


I'm going to try to restart my computer to try and get the internet working.


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    CHR - default_search_provider: Mixi.DJ Search (Enabled)

    CHR - default_search_provider: search_url = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=669D0000A1F8C1A8&affID=121136&tsp=4931

    CHR - plugin: widdit (Enabled) = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah\1.4_0\npwiddit.dll

    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O4 - HKU\S-1-5-21-3287801049-2637330249-1735968051-1002..\Run: [breakingNews] C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe (International News Network Limited)

    O2 - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\BreakingNews\ScriptHost.dll ()

    FF - HKLM\Software\MozillaPlugins\@news.net/npapi: C:\Program Files\BreakingNews\npapi.dll (news.net)

    [2013/07/02 19:40:14 | 000,000,000 | ---D | M] (news.net) -- C:\Users\josh\AppData\Roaming\mozilla\firefox\Profiles\lxx114p3.default\Extensions\news@news.net

    CHR - Extension: news.net = C:\Users\josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai\1.0.12_0\

    [2013/07/02 19:40:31 | 000,000,000 | ---D | C] -- C:\Users\josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreakingNews

    [2013/07/02 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\BreakingNews

    [2013/07/07 09:19:19 | 000,000,000 | ---D | M] -- C:\Users\josh\AppData\Roaming\uTorrent

    [2013/06/15 10:59:11 | 000,000,000 | ---D | M] -- C:\Users\Williams\AppData\Roaming\uTorrent

    :files

    C:\Program Files\BreakingNews

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


For some reason the program is not responding at the end of it and I'm not sure what to do.


I still have the message coming up saying my recycle bin is corrupt, and I went in and found 2 folders in it saying the same thing: S-1-5-21-3287801049-2637330249-1735968051-1002. I can't get rid of any of them.


It still didn't work; it came up saying the directory is not empty.


I keep getting network errors on the computer. What happens is I restart my computer and the internet is fine, and then after a while it just stops. I'm not sure why.

This topic is now closed to further replies.
