Chrome infected with deal slider


  • This topic is locked
14 replies to this topic

#1 Uprightman

Uprightman

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 03 January 2014 - 03:35 PM

I have tried everything I could think of and a few things that I researched online to get deal slider out of my Chrome extensions. Nothing has worked so far.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Philip at 14:23:54 on 2014-01-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.884 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
StartupFolder: c:\documents and settings\philip\start menu\programs\startup\map drives.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~3.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks enterprise solutions 13.0\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.25 24.93.40.68 24.93.40.70 24.93.40.73
TCP: Interfaces\{A7C9B7FC-BC76-4A58-926A-0EE35A8723C6} : DHCPNameServer = 192.168.1.25 24.93.40.68 24.93.40.70 24.93.40.73
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\intuit\quickbooks enterprise solutions 13.0\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 54.204.28.26 ilfmkkncnbolkneogaadokmfjoihepgm
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\philip\application data\mozilla\firefox\profiles\0evfv4bp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-27 14:13; {4A627709-9DBB-44B0-A02C-BE049AE901AA}; c:\documents and settings\philip\application data\mozilla\firefox\profiles\0evfv4bp.default\extensions\{4A627709-9DBB-44B0-A02C-BE049AE901AA}.xpi
FF - ExtSQL: 2013-12-27 14:13; foxfilter@inspiredeffect.net; c:\documents and settings\philip\application data\mozilla\firefox\profiles\0evfv4bp.default\extensions\foxfilter@inspiredeffect.net.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 182072]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-8-18 1248256]
S0 cerc6;cerc6; [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe --> c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 efavdrv;efavdrv;\??\c:\windows\system32\drivers\efavdrv.sys --> c:\windows\system32\drivers\efavdrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1" 
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" 
.
=============== Created Last 30 ================
.
2014-01-02 19:25:06 -------- d-----w- C:\ForceByteDetector
2014-01-02 19:04:54 884736 ----a-w- c:\windows\system32\msimsg.dll
2014-01-02 19:04:54 78848 ----a-w- c:\windows\system32\msiexec.exe
2014-01-02 19:04:54 2843136 ------w- c:\windows\system32\msi.dll
2014-01-02 19:04:54 271360 ----a-w- c:\windows\system32\msihnd.dll
2014-01-02 19:04:54 15360 ----a-w- c:\windows\system32\msisip.dll
2014-01-02 15:29:52 -------- d-----w- c:\program files\Enigma Software Group
2014-01-02 15:29:16 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2014-01-02 15:29:04 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-01-02 15:21:11 -------- d-----w- c:\documents and settings\philip\local settings\application data\Google
2013-12-31 16:11:21 -------- d-----w- c:\documents and settings\all users\application data\Canon
2013-12-31 16:10:42 82432 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNWFDPAI.DLL
2013-12-31 16:10:41 61551 ----a-w- c:\windows\system32\CNWILMNT.DLL
2013-12-31 16:08:52 -------- d-----w- c:\program files\CanonLPESPInstallKit
2013-12-31 16:08:32 -------- d-----w- c:\program files\Canon
2013-12-30 17:13:11 -------- d-----w- c:\program files\Photo!
2013-12-26 21:54:33 24064 ----a-w- c:\windows\zoek-delete.exe
2013-12-26 21:42:14 -------- d-----w- C:\zoek_backup
2013-12-26 20:24:09 -------- d-----w- C:\FRST
2013-12-26 17:45:19 -------- d-----w- c:\documents and settings\philip\local settings\application data\VS Revo Group
2013-12-26 17:44:57 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-12-26 17:35:41 -------- d-----w- c:\program files\Anvisoft
2013-12-26 16:08:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-12-26 16:08:59 -------- d-----w- c:\windows\system32\wbem\Repository
2013-12-26 16:00:01 -------- d-----w- c:\windows\ERUNT
2013-12-26 15:50:30 -------- d-----w- C:\AdwCleaner
2013-12-20 20:40:17 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M  ====================
.
2013-12-27 15:05:17 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-27 15:05:16 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-25 07:48:36 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-23 07:05:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-10-23 07:05:10 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-10-21 14:29:00 1125540 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-10-21 14:29:00 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-10-21 14:28:57 1125540 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-10-21 14:22:41 94632 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-21 14:22:40 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-16 00:32:54 9498624 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-16 00:32:54 9457664 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-16 00:32:54 893728 -c--a-w- c:\windows\system32\nvdispgenco3233158.dll
2013-10-16 00:32:54 57344 ----a-w- c:\windows\system32\OpenCL.dll
2013-10-16 00:32:54 4077440 ----a-w- c:\windows\system32\nv4_disp.dll
2013-10-16 00:32:54 2951968 -c--a-w- c:\windows\system32\nvcuvid.dll
2013-10-16 00:32:54 2747168 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-16 00:32:54 2631680 ----a-w- c:\windows\system32\nvapi.dll
2013-10-16 00:32:54 22171648 ----a-w- c:\windows\system32\nvoglnt.dll
2013-10-16 00:32:54 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-16 00:32:54 12627104 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-10-16 00:32:54 1049888 -c--a-w- c:\windows\system32\nvdispco3233158.dll
2013-10-15 22:26:39 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-10-15 22:26:38 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-10-15 22:26:37 15709984 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-15 22:26:36 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-15 22:26:36 144160 -c--a-w- c:\windows\system32\nvcolor.exe
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 14:24:03.95 ===============
 
#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:30 AM

Posted 04 January 2014 - 02:59 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.
 

  • Double-click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt.
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.
So long, and thanks for all the fish.
#3 Uprightman

Uprightman
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 06 January 2014 - 08:46 AM

OTL logfile created on: 1/6/2014 7:37:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Philip\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.77% Memory free
3.85 Gb Paging File | 2.86 Gb Available in Paging File | 74.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 133.43 Gb Free Space | 89.55% Space Free | Partition Type: NTFS
Drive E: | 7.82 Gb Total Space | 6.85 Gb Free Space | 87.70% Space Free | Partition Type: FAT32
Drive P: | 910.87 Gb Total Space | 897.75 Gb Free Space | 98.56% Space Free | Partition Type: NTFS
Drive Q: | 33.14 Gb Total Space | 25.60 Gb Free Space | 77.24% Space Free | Partition Type: NTFS
Drive S: | 74.52 Gb Total Space | 66.83 Gb Free Space | 89.68% Space Free | Partition Type: NTFS
 
Computer Name: PHILIP-ACF5D5BE | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/06 07:37:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\My Documents\Downloads\OTL.exe
PRC - [2013/12/16 03:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013/12/16 03:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/03 20:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/10/23 01:06:16 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/10/23 01:05:52 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/10/21 08:22:41 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/09/19 14:42:01 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/09/19 14:34:46 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/07/10 00:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 14:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/29 14:50:52 | 001,734,144 | ---- | M] (AimerSoft) -- C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2013/05/29 14:50:30 | 001,734,144 | ---- | M] (iSkySoft) -- C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
PRC - [2012/08/18 21:58:12 | 001,180,560 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/08/18 21:57:22 | 001,184,656 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE
PRC - [2012/08/18 21:15:12 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/08/18 18:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/03/28 14:48:30 | 002,938,736 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
PRC - [2008/04/13 17:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/16 08:14:06 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 20:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/15 18:32:54 | 002,056,480 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2013/10/15 18:32:54 | 000,468,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2013/10/09 02:30:33 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\226bf686752309b3a23a816fa9ee3c09\System.IdentityModel.ni.dll
MOD - [2013/10/09 02:30:31 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll
MOD - [2013/10/09 02:26:11 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 02:24:38 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 02:14:32 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\46863d4abf7db3e009962abc8710c945\System.Runtime.Remoting.ni.dll
MOD - [2013/10/09 02:14:30 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 02:14:28 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 02:04:24 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll
MOD - [2013/10/09 02:04:04 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll
MOD - [2013/10/09 02:03:41 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 02:03:41 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 02:03:38 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/09 02:03:32 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll
MOD - [2013/09/06 10:07:13 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2013/09/06 10:07:13 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2013/09/06 10:07:13 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2013/09/06 10:07:13 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2013/09/06 10:07:12 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2013/09/06 10:07:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2013/09/06 10:07:11 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2013/09/06 10:07:11 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2013/09/06 10:07:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2013/09/06 10:07:08 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2013/09/06 10:07:07 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2013/09/06 10:07:04 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2013/09/06 10:07:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2013/09/06 10:06:47 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2013/09/06 10:06:45 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2013/09/06 10:06:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2013/09/06 10:06:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2013/09/06 10:06:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2013/09/06 10:06:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2013/09/06 10:06:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2013/09/06 10:06:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2013/09/06 10:06:35 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2013/09/06 10:06:35 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2013/09/06 10:06:32 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2013/09/06 10:06:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2013/09/06 10:06:32 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2013/09/06 10:06:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2013/09/06 10:06:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2013/09/06 10:06:31 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2013/09/06 10:06:30 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2013/09/06 10:06:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2013/09/06 10:06:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2013/09/06 10:06:29 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2013/09/06 10:06:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2013/09/06 10:06:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2013/09/06 10:06:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2013/09/06 10:06:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2013/09/06 10:06:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2013/09/06 10:06:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2013/09/06 10:06:28 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2013/09/06 10:06:26 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2013/09/06 10:06:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2013/09/06 10:06:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2013/09/06 10:06:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2013/09/06 10:06:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2013/09/06 10:06:17 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2013/09/06 10:06:16 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2013/09/06 10:06:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2013/09/06 10:06:14 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2013/09/06 10:06:14 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2013/09/06 10:06:14 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2013/09/06 10:06:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2013/09/06 10:06:12 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2013/09/06 10:06:11 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2013/09/06 10:06:11 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2013/09/06 10:06:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2013/09/06 10:06:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2013/09/06 10:06:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2013/09/06 10:06:09 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2013/09/06 10:06:09 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2013/09/06 10:06:08 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2013/09/06 10:06:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2013/09/06 10:06:07 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2013/09/06 10:06:05 | 001,019,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Eeu\2.0.3693.42513__90ba9c70f846762e\CLI.Component.Eeu.dll
MOD - [2013/09/06 10:06:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2013/09/06 10:06:03 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2013/09/06 10:06:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2013/09/06 10:06:01 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2013/09/06 10:06:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2013/09/06 10:06:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2013/09/06 10:05:59 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
MOD - [2013/09/06 10:05:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2013/08/15 02:13:36 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/15 02:13:17 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
MOD - [2013/08/15 02:12:46 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 02:12:07 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/08/15 02:07:44 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 02:07:25 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 02:06:13 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 02:06:07 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 02:06:04 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/15 02:03:22 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 02:21:33 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013/07/11 02:17:49 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 02:15:35 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/08/18 21:57:52 | 000,140,176 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBMAPILibrary.dll
MOD - [2012/08/18 21:57:48 | 000,021,392 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBCompressor.DLL
MOD - [2012/08/18 21:57:42 | 000,042,384 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\mbpopup.dll
MOD - [2012/08/18 21:57:36 | 000,505,232 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\FeaturesBridge.DLL
MOD - [2012/08/18 21:57:36 | 000,391,056 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\FtuEngine.dll
MOD - [2012/08/18 21:57:28 | 000,176,528 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/08/18 21:57:26 | 000,388,496 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\BackupLib.dll
MOD - [2012/08/18 21:57:26 | 000,268,688 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/08/18 18:54:48 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\zlib1.dll
MOD - [2009/11/24 12:36:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/04/13 17:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/13 17:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2013/12/27 14:58:04 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 03:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/10/21 08:22:41 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/19 14:34:46 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/18 21:15:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/08/18 18:55:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/08/18 18:55:02 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\efavdrv.sys -- (efavdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] --  -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Philip\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/11/25 01:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/23 01:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/23 01:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/02/11 01:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/06 11:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {466F643A-2736-4EB0-A20D-36BD0A76560E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {466F643A-2736-4EB0-A20D-36BD0A76560E}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: foxfilter%40inspiredeffect.net:7.6.4
FF - prefs.js..extensions.enabledAddons: imageblock%40hemantvats.com:2.1
FF - prefs.js..extensions.enabledAddons: %7B15312e9a-4905-48da-aae4-15b24bdc2a24%7D:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.10
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.1.1038
FF - prefs.js..extensions.enabledAddons: %7B57c20073-e24b-4b2a-aa91-70d1ad526cbf%7D:1.150
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "https://www.google.com/search"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/27 14:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57c20073-e24b-4b2a-aa91-70d1ad526cbf}: C:\Program Files\PassShow\150.xpi [2014/01/04 09:21:59 | 000,011,866 | ---- | M] ()
 
[2012/07/23 14:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Extensions
[2014/01/04 09:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions
[2013/04/16 07:14:51 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/01/04 09:20:43 | 000,000,000 | ---D | M] (Connect DLC 5) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
[2014/01/03 15:12:45 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\donottrackplus@abine.com
[2013/12/27 14:13:34 | 000,092,840 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\foxfilter@inspiredeffect.net.xpi
[2013/12/27 14:13:34 | 000,022,560 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\gmailnoads@mywebber.com.xpi
[2013/04/29 08:24:06 | 000,018,146 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\imageblock@hemantvats.com.xpi
[2013/06/12 13:00:09 | 000,169,613 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\jid0-AocRXUCRsLTCYvn6bgJERnwfuqw@jetpack.xpi
[2013/04/29 08:16:45 | 000,122,054 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
[2013/04/26 07:22:02 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2014/01/02 09:42:55 | 000,535,529 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/04/29 08:22:43 | 000,039,512 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2013/10/10 12:18:08 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/02 13:22:15 | 000,002,808 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\0evfv4bp.default\searchplugins\Google.xml
[2013/12/27 14:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/27 14:58:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/04 09:21:59 | 000,011,866 | ---- | M] () (No name found) -- C:\PROGRAM FILES\PASSSHOW\150.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: suggest_url = ,
CHR - Extension: Deal Slider = C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2013/12/20 14:40:17 | 000,000,074 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 54.204.28.26 ilfmkkncnbolkneogaadokmfjoihepgm
O2 - BHO: (PassShow) - {2d661e5b-7d7a-417c-b5b5-6479017bb314} - C:\Program Files\PassShow\150.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (iSkySoft)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\map drives.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.25 24.93.40.68 24.93.40.70 24.93.40.73
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7C9B7FC-BC76-4A58-926A-0EE35A8723C6}: DhcpNameServer = 192.168.1.25 24.93.40.68 24.93.40.70 24.93.40.73
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/23 14:09:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/04 09:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/01/04 09:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
[2014/01/04 09:22:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Local Settings\Application Data\SearchProtect
[2014/01/04 09:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\PassShow
[2014/01/04 09:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2014/01/04 09:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2014/01/04 09:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Local Settings\Application Data\CRE
[2014/01/04 09:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Local Settings\Application Data\Conduit
[2014/01/04 09:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/01/02 14:34:10 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys.bak
[2014/01/02 14:34:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/02 14:33:57 | 000,182,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys.bak
[2014/01/02 14:33:57 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys.bak
[2014/01/02 14:33:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys.bak
[2014/01/02 14:33:56 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys.bak
[2014/01/02 14:33:56 | 000,171,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys.bak
[2014/01/02 14:33:56 | 000,096,568 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys.bak
[2014/01/02 14:33:56 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys.bak
[2014/01/02 14:33:56 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys.bak
[2014/01/02 13:25:06 | 000,000,000 | ---D | C] -- C:\ForceByteDetector
[2014/01/02 13:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2014/01/02 13:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2014/01/02 09:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/01/02 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/01/02 09:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/01/02 09:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/02 09:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Local Settings\Application Data\Google
[2013/12/31 10:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iPF765
[2013/12/31 10:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Printer Uninstaller
[2013/12/31 10:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canon
[2013/12/31 10:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\imagePROGRAF Printer Driver Extra Kit
[2013/12/31 10:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\CanonLPESPInstallKit
[2013/12/31 10:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/12/30 11:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Photo!
[2013/12/27 14:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/27 09:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\Macromedia
[2013/12/26 16:00:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/26 15:54:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2013/12/26 15:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2013/12/26 15:42:14 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2013/12/26 14:24:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/26 11:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Local Settings\Application Data\VS Revo Group
[2013/12/26 11:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/12/26 11:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvisoft
[2013/12/26 11:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2013/12/26 10:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/12/26 10:01:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/12/26 10:00:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/26 09:50:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/23 10:45:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philip\Recent
[2013/12/20 14:40:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/12/16 08:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlueStacks
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/06 07:38:58 | 000,006,986 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2014/01/06 07:32:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\PassShow Update.job
[2014/01/06 07:32:31 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 07:32:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/06 07:31:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 07:31:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/04 09:21:58 | 000,000,009 | ---- | M] () -- C:\END
[2014/01/02 16:16:47 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/02 16:08:04 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Philip\Desktop\TDSSKiller.exe
[2014/01/02 14:37:34 | 000,027,064 | ---- | M] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys.bak
[2014/01/02 14:37:27 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/02 14:37:21 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys.bak
[2014/01/02 14:37:21 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys.bak
[2014/01/02 14:37:21 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys.bak
[2014/01/02 14:37:21 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys.bak
[2014/01/02 14:37:21 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys.bak
[2014/01/02 14:37:21 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys.bak
[2014/01/02 14:37:21 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys.bak
[2014/01/02 14:37:20 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys.bak
[2014/01/02 13:53:36 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/02 09:40:54 | 000,001,404 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\XPS Viewer EP.lnk
[2014/01/02 09:40:40 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XPS Viewer EP.lnk
[2014/01/02 09:23:01 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/02 09:22:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/31 10:11:58 | 000,001,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iPF765 Support.lnk
[2013/12/30 11:12:57 | 008,161,357 | ---- | M] (                                                            ) -- C:\Documents and Settings\Philip\Desktop\peditor11inst.exe
[2013/12/27 10:04:22 | 000,352,832 | ---- | M] () -- C:\WINDOWS\System32\IP_192.168.1.241
[2013/12/26 10:59:36 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/12/26 10:10:50 | 000,000,640 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/12/23 10:46:05 | 000,066,736 | ---- | M] () -- C:\Documents and Settings\Philip\My Documents\cc_20131223_104558.reg
[2013/12/16 22:39:52 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/04 09:21:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\PassShow Update.job
[2014/01/04 09:20:25 | 000,000,009 | ---- | C] () -- C:\END
[2014/01/02 16:16:47 | 000,134,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/02 13:53:34 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/01/02 09:22:34 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/02 09:22:34 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/02 09:21:26 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/02 09:21:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/31 10:11:58 | 000,001,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iPF765 Support.lnk
[2013/12/30 11:12:51 | 008,161,357 | ---- | C] (                                                            ) -- C:\Documents and Settings\Philip\Desktop\peditor11inst.exe
[2013/12/27 10:04:21 | 000,352,832 | ---- | C] () -- C:\WINDOWS\System32\IP_192.168.1.241
[2013/12/26 15:54:33 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
[2013/12/23 10:46:01 | 000,066,736 | ---- | C] () -- C:\Documents and Settings\Philip\My Documents\cc_20131223_104558.reg
[2013/12/20 14:40:17 | 000,000,640 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/10/30 08:13:29 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/30 08:10:19 | 000,214,528 | ---- | C] () -- C:\WINDOWS\System32\ISCM32.dll
[2013/10/21 07:49:32 | 001,125,540 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/10/21 07:49:32 | 001,125,540 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/10/21 07:49:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/09/06 10:08:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/08/09 00:17:02 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/23 09:54:42 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAYXS_L.DLL
[2013/04/23 09:54:38 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\KOAYXJ_L.DLL
[2013/03/23 00:22:30 | 003,555,144 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/02/18 12:17:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/18 12:17:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/18 12:17:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/18 12:17:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/18 12:17:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/23 13:46:20 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\dt.dat
[2013/01/14 10:41:43 | 000,288,434 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1993962763-1801674531-1003-0.dat
[2013/01/14 10:41:43 | 000,144,354 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/14 10:17:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/08/18 18:49:04 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2012/08/18 18:49:04 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2012/08/18 18:49:04 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
[2012/07/23 14:52:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/23 14:20:57 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/07/23 14:16:06 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/23 14:11:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 14:07:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/23 09:02:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 
========== ZeroAccess Check ==========
 
[2013/04/12 13:38:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/10/15 08:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/31 09:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aimersoft Video Converter Ultimate
[2013/07/25 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Algoma
[2013/01/21 07:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/08/12 07:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/12/16 08:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2013/12/31 10:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2013/01/14 10:17:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/01/04 09:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2014/01/02 13:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013/08/22 14:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Informer Technologies, Inc
[2013/10/31 09:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iSkysoft Video Converter Ultimate
[2014/01/06 07:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/09/04 14:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2013/10/15 08:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2013/01/14 10:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/01/29 12:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/10/31 09:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2013/12/26 11:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2013/10/31 09:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2013/10/31 09:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Aura4You
[2013/08/12 07:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\AVG2013
[2012/07/23 14:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\OpenOffice.org
[2012/08/28 11:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Sony Online Entertainment
[2013/08/13 10:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\TibiaME
[2013/08/12 07:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\TuneUp Software
[2013/10/30 08:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
< End of report >


#4 Uprightman
  • Topic Starter
  • Members
  • 16 posts
  • Local time:04:30 AM

Posted 06 January 2014 - 08:47 AM

OTL Extras logfile created on: 1/6/2014 7:37:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Philip\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.77% Memory free
3.85 Gb Paging File | 2.86 Gb Available in Paging File | 74.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 133.43 Gb Free Space | 89.55% Space Free | Partition Type: NTFS
Drive E: | 7.82 Gb Total Space | 6.85 Gb Free Space | 87.70% Space Free | Partition Type: FAT32
Drive P: | 910.87 Gb Total Space | 897.75 Gb Free Space | 98.56% Space Free | Partition Type: NTFS
Drive Q: | 33.14 Gb Total Space | 25.60 Gb Free Space | 77.24% Space Free | Partition Type: NTFS
Drive S: | 74.52 Gb Total Space | 66.83 Gb Free Space | 89.68% Space Free | Partition Type: NTFS
 
Computer Name: PHILIP-ACF5D5BE | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe "%1" %*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsefile [edit] -- C:\Windows\SysWow64\Notepad.exe %1
jsefile [open] -- C:\Windows\SysWow64\WScript.exe "%1" %*
jsefile [print] -- C:\Windows\SysWow64\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7939:TCP" = 7939:TCP:*:Enabled:PlanSwift
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe:*:Enabled:QuickBooks Enterprise 13.0 Data Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{31566BB1-C43D-4D96-9504-57E42B1FD86D}" = QuickBooks
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F322F60-E535-4F91-BAD9-70B5555685BA}" = QuickBooks Enterprise Solutions: Contractor Edition 13.0
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{48431125-4A39-44A6-9172-BA6B74BD35D5}" = QuickOrder2012
"{49603CBF-8861-4D94-AD85-E4854AD366CA}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{6280C3D1-00A3-4E79-BDF6-98332A29B706}" = AVG 2013
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{81FAD5EA-19B2-4A06-89EC-D65CD23AAD55}" = AVG 2013
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2FF9286-F7D9-43B9-8CA2-11D48A08810B}" = imagePROGRAF Printer Driver Extra Kit
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 140.75
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"1efa552d-e5a6-4610-a9d1-8cd285646842" = PassShow
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"KONICA MINOLTA 423Series Installer" = KONICA MINOLTA 423Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SearchProtect" = Search Protect
"VLC media player" = VLC media player 2.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEP" = XPS Essentials Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/2/2014 6:20:09 PM | Computer Name = PHILIP-ACF5D5BE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 1/4/2014 11:06:14 AM | Computer Name = PHILIP-ACF5D5BE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 1/4/2014 11:06:14 AM | Computer Name = PHILIP-ACF5D5BE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 1/4/2014 11:06:14 AM | Computer Name = PHILIP-ACF5D5BE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 1/4/2014 11:21:29 AM | Computer Name = PHILIP-ACF5D5BE | Source = Application Error | ID = 1000
Description = Faulting application chlogic.exe, version 10.24.3.3, faulting module
 omnibox.dll, version 2.0.4.1, fault address 0x000010b3.
 
Error - 1/4/2014 11:21:51 AM | Computer Name = PHILIP-ACF5D5BE | Source = CltMngSvc | ID = 1000
Description = 
 
Error - 1/4/2014 11:23:10 AM | Computer Name = PHILIP-ACF5D5BE | Source = CltMngSvc | ID = 1000
Description = 
 
Error - 1/6/2014 9:33:44 AM | Computer Name = PHILIP-ACF5D5BE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 1/6/2014 9:33:44 AM | Computer Name = PHILIP-ACF5D5BE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 1/6/2014 9:33:44 AM | Computer Name = PHILIP-ACF5D5BE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
[ System Events ]
Error - 1/2/2014 1:48:13 PM | Computer Name = PHILIP-ACF5D5BE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
Error - 1/2/2014 3:05:54 PM | Computer Name = PHILIP-ACF5D5BE | Source = NtServicePack | ID = 921883
Description = Windows XP Hotfix KB942288-v3 installation failed. KB942288-v3 installation
 did not complete.
 
Error - 1/2/2014 3:19:43 PM | Computer Name = PHILIP-ACF5D5BE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 1/2/2014 3:19:43 PM | Computer Name = PHILIP-ACF5D5BE | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 1/2/2014 3:42:40 PM | Computer Name = PHILIP-ACF5D5BE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner 
Service service to connect.
 
Error - 1/2/2014 3:42:40 PM | Computer Name = PHILIP-ACF5D5BE | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
 following error:   %%1053
 
Error - 1/2/2014 3:42:40 PM | Computer Name = PHILIP-ACF5D5BE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
 Center Service service to connect.
 
Error - 1/2/2014 3:42:40 PM | Computer Name = PHILIP-ACF5D5BE | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
 to the following error:   %%1053
 
Error - 1/2/2014 3:53:34 PM | Computer Name = PHILIP-ACF5D5BE | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_ESGIGUARD\0000 disappeared from the system 
without first being prepared for removal.
 
Error - 1/4/2014 11:05:06 AM | Computer Name = PHILIP-ACF5D5BE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the QBCFMonitorService service
 to connect.
 
 
< End of report >


#5 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:30 AM

Posted 06 January 2014 - 02:46 PM

Good evening. :)

Have you tried removing the Deal Slider Extension from Chrome as instructed here?


So long, and thanks for all the fish.

 

 


#6 Uprightman
  • Topic Starter
  • Members
  • 16 posts
  • Local time:04:30 AM

Posted 06 January 2014 - 03:14 PM

Yes, there is no recycle bin beside deal slider and the disable button is grayed out.



#7 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:30 AM

Posted 06 January 2014 - 05:21 PM

Run OTL.exe.
  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed its run.

Note: Copies of the logs can be found in the C:\_OTL\MovedFiles folder - open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, with x representing the month, date, year and time the log was created. Eg: 03062009_170403
So long, and thanks for all the fish.
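
Added here as an example, not code from the thread or from OTL: the fix above removes the extension by its id directory, and the script below shows how a responder can inventory a Chrome profile's Extensions folder in the same way and flag any extension whose manifest injects content scripts into every website, the behaviour coupon/deal adware depends on. The first extension id and version directory are the ones named in the fix; both manifests and the second id are constructed for illustration.

```python
"""Triage helper for a Chrome profile's Extensions folder (added example, not code from
the thread or from OTL): list each installed id/version and flag site-wide injectors."""
import json
import os
import tempfile

# Chrome keeps unpacked extensions at Extensions/<32-char id>/<version>/manifest.json; on XP
# that is ...\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory_extensions(extensions_dir):
    """Return one dict per <id>/<version> directory that carries a manifest.json."""
    records = []
    for ext_id in sorted(os.listdir(extensions_dir)):
        id_dir = os.path.join(extensions_dir, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version_dir in sorted(os.listdir(id_dir)):
            manifest_path = os.path.join(id_dir, version_dir, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            with open(manifest_path, encoding="utf-8-sig") as fh:  # tolerate a BOM
                manifest = json.load(fh)
            # Host patterns may appear under "permissions" or in content_scripts "matches".
            hosts = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
            for script in manifest.get("content_scripts", []):
                hosts.update(script.get("matches", []))
            records.append({"id": ext_id, "version_dir": version_dir,
                            "name": manifest.get("name", "?"),
                            "injects_everywhere": bool(hosts & BROAD_HOSTS)})
    return records

def build_sample_profile():
    """Constructed sample tree: the first id/version dir are those named in the OTL fix
    above; both manifests and the second id are made up for illustration."""
    root = tempfile.mkdtemp()
    samples = {
        ("ilfmkkncnbolkneogaadokmfjoihepgm", "1.0_0"): {
            "name": "Deal Slider", "manifest_version": 2, "version": "1.0",
            "content_scripts": [{"matches": ["http://*/*", "https://*/*"],
                                 "js": ["framework/inject.js"]}]},
        ("abcdefghijklmnopabcdefghijklmnop", "2.3_0"): {
            "name": "Example Reader", "manifest_version": 2, "version": "2.3",
            "permissions": ["storage"]}}
    for (ext_id, version_dir), manifest in samples.items():
        os.makedirs(os.path.join(root, ext_id, version_dir))
        with open(os.path.join(root, ext_id, version_dir, "manifest.json"), "w") as fh:
            json.dump(manifest, fh)
    return root
```

Point inventory_extensions at the real Extensions directory of the affected profile to get the same records for a live machine. A grayed-out Disable control in chrome://extensions, as reported in #6, is what Chrome shows for a policy-installed extension, so the ExtensionInstallForcelist value under HKLM\Software\Policies\Google\Chrome is worth checking alongside the folder.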

#8 Uprightman

Uprightman
  • Topic Starter

  • Members
  • 16 posts
  • Local time:04:30 AM

Posted 07 January 2014 - 09:12 AM

 All processes killed

========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Philip\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Philip\My Documents\Downloads\cmd.txt deleted successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0\includes folder moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0\icons folder moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0\framework-ui folder moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0\framework folder moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0\CanvasFramework folder moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0\AppFramework folder moved successfully.
C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: backups
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33559 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Philip
->Temp folder emptied: 238027026 bytes
->Temporary Internet Files folder emptied: 9790240 bytes
->FireFox cache emptied: 90013308 bytes
->Google Chrome cache emptied: 82521525 bytes
->Flash cache emptied: 506 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65938 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500272 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 615846 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 403.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: backups
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Philip
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01072014_075854
 
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Philip\Local Settings\Temp\tmp18C.tmp not found!
File\Folder C:\Documents and Settings\Philip\Local Settings\Temp\tmp19C.tmp not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:30 AM

Posted 07 January 2014 - 02:35 PM

Good evening. :)

Has this resolved the issue?


So long, and thanks for all the fish.

#10 Uprightman

Uprightman
  • Topic Starter

  • Members
  • 16 posts
  • Local time:04:30 AM

Posted 07 January 2014 - 05:18 PM

The Deal Slider extension is still there, but I am not noticing any more popups.



#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:30 AM

Posted 07 January 2014 - 05:21 PM

What I hopefully have done is to remove the files that were causing the issue - what you are seeing is a leftover rather than an indicator of infection. Will you run the PC as normal for 24 hours and then let me know how it is behaving, and I'll address any problems that you have then.


So long, and thanks for all the fish.

#12 Uprightman

Uprightman
  • Topic Starter

  • Members
  • 16 posts
  • Local time:04:30 AM

Posted 07 January 2014 - 05:59 PM

Ok, will do. Thx



#13 Uprightman

Uprightman
  • Topic Starter

  • Members
  • 16 posts
  • Local time:04:30 AM

Posted 09 January 2014 - 08:55 AM

Everything seems to be running smoothly now. Tyvm for the help.



#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:30 AM

Posted 09 January 2014 - 03:06 PM

Good evening. :)

I'd like you to work through the following, when you get some spare time, just as a final look-see and post accordingly:
Pay a visit to the ESET Online Scanner.
  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log.
So long, and thanks for all the fish.

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:30 AM

Posted 14 January 2014 - 03:20 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.