Malware sirefef.y and similar found in MSE on Vista HP x86

Discussion in 'Virus and Malware Removal' started by Johnny270268, Jul 13, 2012.

  1. Broni Malware Annihilator Posts: 39,349   +175

    Cool beans :)
  2. Johnny270268 Newcomer, in training Posts: 81

    Combo Fix scan log for your perusal Broni :)


    ComboFix 12-07-14.01 - Greg 16/07/2012 6:31.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.1735 [GMT 10:00]
    Running from: c:\users\Greg\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\CrashLog_20100807.txt
    c:\cflog\CrashLog_20100810.txt
    c:\cflog\CrashLog_20100811.txt
    c:\cflog\CrashLog_20100821.txt
    c:\cflog\CrashLog_20100826.txt
    c:\cflog\CrashLog_20100827.txt
    c:\cflog\CrashLog_20100830.txt
    c:\cflog\CrashLog_20100902.txt
    c:\cflog\CrashLog_20100907.txt
    c:\cflog\CrashLog_20100909.txt
    c:\cflog\CrashLog_20100911.txt
    c:\cflog\CrashLog_20100912.txt
    c:\cflog\CrashLog_20100913.txt
    c:\cflog\CrashLog_20100921.txt
    c:\cflog\CrashLog_20100924.txt
    c:\cflog\CrashLog_20100925.txt
    c:\cflog\CrashLog_20100926.txt
    c:\cflog\CrashLog_20100927.txt
    c:\cflog\CrashLog_20100930.txt
    c:\cflog\CrashLog_20101010.txt
    c:\cflog\CrashLog_20101011.txt
    c:\cflog\CrashLog_20101016.txt
    c:\cflog\CrashLog_20101017.txt
    c:\cflog\CrashLog_20101018.txt
    c:\cflog\CrashLog_20101023.txt
    c:\cflog\CrashLog_20101024.txt
    c:\cflog\CrashLog_20101030.txt
    c:\cflog\CrashLog_20101103.txt
    c:\cflog\CrashLog_20101104.txt
    c:\cflog\CrashLog_20101106.txt
    c:\cflog\CrashLog_20101107.txt
    c:\cflog\CrashLog_20101108.txt
    c:\cflog\CrashLog_20101114.txt
    c:\cflog\CrashLog_20101201.txt
    c:\cflog\CrashLog_20101204.txt
    c:\cflog\CrashLog_20101208.txt
    c:\cflog\CrashLog_20101209.txt
    c:\cflog\CrashLog_20101211.txt
    c:\cflog\CrashLog_20101214.txt
    c:\cflog\CrashLog_20101215.txt
    c:\cflog\CrashLog_20101218.txt
    c:\cflog\CrashLog_20101220.txt
    c:\cflog\CrashLog_20101221.txt
    c:\cflog\CrashLog_20101225.txt
    c:\cflog\CrashLog_20101227.txt
    c:\cflog\CrashLog_20101230.txt
    c:\cflog\CrashLog_20101231.txt
    c:\cflog\CrashLog_20110101.txt
    c:\cflog\CrashLog_20110103.txt
    c:\cflog\CrashLog_20110104.txt
    c:\cflog\CrashLog_20110105.txt
    c:\cflog\CrashLog_20110106.txt
    c:\cflog\CrashLog_20110108.txt
    c:\cflog\CrashLog_20110113.txt
    c:\cflog\CrashLog_20110115.txt
    c:\cflog\CrashLog_20110116.txt
    c:\cflog\CrashLog_20110118.txt
    c:\cflog\CrashLog_20110217.txt
    c:\cflog\CrashLog_20110218.txt
    c:\cflog\CrashLog_20110304.txt
    c:\cflog\CrashLog_20110305.txt
    c:\cflog\CrashLog_20110328.txt
    c:\cflog\CrashLog_20110426.txt
    c:\cflog\CrashLog_20110427.txt
    c:\cflog\CrashLog_20110428.txt
    c:\cflog\CrashLog_20110429.txt
    c:\cflog\CrashLog_20111119.txt
    c:\cflog\CrashLog_20111122.txt
    c:\cflog\CrashLog_20111124.txt
    c:\cflog\CrashLog_20111125.txt
    c:\cflog\CrashLog_20111129.txt
    c:\cflog\CrashLog_20111130.txt
    c:\cflog\CrashLog_20111201.txt
    c:\cflog\CrashLog_20111213.txt
    c:\cflog\CrashLog_20111214.txt
    c:\cflog\CrashLog_20111216.txt
    c:\cflog\CrashLog_20111218.txt
    c:\cflog\CrashLog_20111219.txt
    c:\cflog\CrashLog_20111221.txt
    c:\cflog\CrashLog_20120411.txt
    c:\cflog\CrashLog_20120416.txt
    c:\cflog\CrashLog_20120502.txt
    c:\program files\Automated Content Enhancer
    c:\program files\Automated Content Enhancer\4.2.0.5360\ACEIeaddon.dll
    c:\program files\Automated Content Enhancer\4.2.0.5360\Data\config.md
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome.manifest
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\ACEAddOn.jar
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.js
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\chrome\content\ACEAddOn.xul
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.dll
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFAddOn.xpt
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\components\ACEFFHelperComponent.js
    c:\program files\Automated Content Enhancer\4.2.0.5360\FF\install.rdf
    c:\program files\Automated Content Enhancer\4.2.0.5360\unins000.dat
    c:\program files\Automated Content Enhancer\4.2.0.5360\unins000.exe
    c:\program files\BasicScan
    c:\program files\BasicScan\uninstall.exe
    c:\program files\Content Management Wizard
    c:\program files\Content Management Wizard\1.2.0.2080\CMWIe.dll
    c:\program files\Content Management Wizard\1.2.0.2080\cmwsh.dll
    c:\program files\Content Management Wizard\1.2.0.2080\config.mx
    c:\program files\Content Management Wizard\1.2.0.2080\data.mx
    c:\program files\Content Management Wizard\1.2.0.2080\exclude.mx
    c:\program files\Content Management Wizard\1.2.0.2080\MatchingData.zd5
    c:\program files\Content Management Wizard\1.2.0.2080\pxtmpdata.mx
    c:\program files\Content Management Wizard\1.2.0.2080\unins000.dat
    c:\program files\Content Management Wizard\1.2.0.2080\unins000.exe
    c:\program files\Customized Platform Advancer
    c:\program files\Customized Platform Advancer\4.2.0.2050\CPACommon.dll
    c:\program files\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll
    c:\program files\Customized Platform Advancer\4.2.0.2050\Data\config.md
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome.manifest
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.js
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\content\CPAAddOn.xul
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\chrome\CPAAddOn.jar
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.dll
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFAddOn.xpt
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\components\CPAFFHelperComponent.js
    c:\program files\Customized Platform Advancer\4.2.0.2050\FF\install.rdf
    c:\program files\Customized Platform Advancer\4.2.0.2050\unins000.dat
    c:\program files\Customized Platform Advancer\4.2.0.2050\unins000.exe
    c:\program files\FunWebProducts
    c:\program files\HyperCam Toolbar\tbHElper.dll
    c:\program files\Internet Today
    c:\program files\Internet Today\1.2.0.1420\InternetToday.ico
    c:\program files\Internet Today\1.2.0.1420\InternetToday.skf
    c:\program files\Internet Today\1.2.0.1420\mfc80.dll
    c:\program files\Internet Today\1.2.0.1420\Microsoft.VC80.CRT.manifest
    c:\program files\Internet Today\1.2.0.1420\Microsoft.VC80.MFC.manifest
    c:\program files\Internet Today\1.2.0.1420\msvcr80.dll
    c:\program files\Internet Today\1.2.0.1420\SkinCrafterDll.dll
    c:\program files\Internet Today\1.2.0.1420\unins000.dat
    c:\program files\Internet Today\1.2.0.1420\unins000.exe
    c:\program files\IObitBar\toolbar\1.bin\i0SRcas.dll
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
    c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3DTactl.dll
    c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HTmlmu.dll
    c:\program files\MyWebSearch\bar\2.bin\F3HTtpct.dll
    c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
    c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
    c:\program files\MyWebSearch\bar\2.bin\F3SCrctr.dll
    c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
    c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
    c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
    c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
    c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\icons\CM.ICO
    c:\program files\MyWebSearch\bar\icons\MFC.ICO
    c:\program files\MyWebSearch\bar\icons\PSS.ICO
    c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files\MyWebSearch\bar\icons\WB.ICO
    c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\Textual Content Provider
    c:\program files\Textual Content Provider\1.2.0.2040\data\pxtmpdata.mx
    c:\program files\Textual Content Provider\1.2.0.2040\data\TP_Config.mx
    c:\program files\Textual Content Provider\1.2.0.2040\data\TP_Data.mx
    c:\program files\Textual Content Provider\1.2.0.2040\data\TP_DomainExcludeList.mx
    c:\program files\Textual Content Provider\1.2.0.2040\data\TP_DomainInterval.mx
    c:\program files\Textual Content Provider\1.2.0.2040\data\TP_KeywordInterval.mx
    c:\program files\Textual Content Provider\1.2.0.2040\unins000.dat
    c:\program files\Textual Content Provider\1.2.0.2040\unins000.exe
    c:\program files\Web Search Operator
    c:\program files\Web Search Operator\4.2.0.2150\Data\config.md
    c:\program files\Web Search Operator\4.2.0.2150\FF\chrome.manifest
    c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.js
    c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\content\WSOAddOn.xul
    c:\program files\Web Search Operator\4.2.0.2150\FF\chrome\WSOAddOn.jar
    c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.dll
    c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFAddOn.xpt
    c:\program files\Web Search Operator\4.2.0.2150\FF\components\WSOFFHelperComponent.js
    c:\program files\Web Search Operator\4.2.0.2150\FF\install.rdf
    c:\program files\Web Search Operator\4.2.0.2150\unins000.dat
    c:\program files\Web Search Operator\4.2.0.2150\unins000.exe
    c:\program files\Web Search Operator\4.2.0.2150\WSOCommon.dll
    c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
    c:\programdata\17dc64539899890e926c4339ab349fa3_c
    c:\programdata\SPL408C.tmp
    c:\programdata\SPL442E.tmp
    c:\programdata\SPL7CDC.tmp
    c:\programdata\SPL9432.tmp
    c:\programdata\SPL9A4B.tmp
    c:\users\Greg\AppData\Local\hqopmya.exe
    c:\users\Greg\AppData\Local\Internet Today
    c:\users\Greg\AppData\Local\jkpcpukocn.exe
    c:\users\Greg\AppData\Roaming\ac.exe
    c:\users\Greg\AppData\Roaming\appdata
    c:\users\Greg\AppData\Roaming\Greglog.dat
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\cb.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\std.drv
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\std.sys
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
    c:\users\Greg\AppData\Roaming\Poum
    c:\users\Greg\AppData\Roaming\Poum\ulih.exe
    c:\users\Greg\AppData\Roaming\rundll32.exe
    c:\users\Greg\Favorites\actiontrip girls - Google Search.ur
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\system32\DEBUG.log
    c:\windows\system32\f3PSSavr.scr
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-15 20:39 . 2012-07-15 20:46 -------- d-----w- c:\users\Greg\AppData\Local\temp
    2012-07-15 20:39 . 2012-07-15 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-15 07:23 . 2012-07-15 07:23 -------- d-----w- C:\FRST
    2012-07-10 11:31 . 2012-07-10 11:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-08 07:59 . 2012-07-08 07:59 -------- d-----w- c:\users\Greg\AppData\Local\etax2012
    2012-07-07 06:08 . 2012-07-07 06:20 -------- d-----w- c:\users\Greg\AppData\Roaming\Ovwua
    2012-07-04 08:46 . 2012-07-04 08:46 -------- d-----w- c:\program files\Lame For Audacity
    2012-07-04 02:19 . 2012-07-04 02:19 -------- d-----w- c:\programdata\Sony
    2012-07-03 07:37 . 2012-07-08 07:59 -------- d-----w- c:\program files\etax2012
    2012-07-03 07:14 . 2012-07-03 07:14 -------- d-----w- c:\users\Greg\AppData\Roaming\Publish Providers
    2012-07-03 07:11 . 2012-07-03 07:12 -------- d-----w- c:\users\Greg\AppData\Local\Sony
    2012-07-03 07:11 . 2012-07-03 07:11 -------- d-----w- c:\program files\Sony
    2012-07-03 07:10 . 2012-07-04 02:18 -------- d-----w- c:\users\Greg\AppData\Roaming\Sony
    2012-07-02 10:36 . 2012-07-02 10:36 -------- d-----w- c:\program files\Ask.com
    2012-07-02 10:34 . 2012-07-02 10:34 -------- d-----w- c:\program files\FreeTime
    2012-06-27 00:12 . 2012-06-30 03:09 -------- d-----w- C:\Log
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-15 19:02 . 2012-04-04 07:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-15 19:02 . 2011-08-14 01:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-17 17:14 . 2012-07-15 18:11 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{300AB105-98E1-4012-879C-C5EC6F777073}\mpengine.dll
    2012-06-02 22:19 . 2012-06-08 23:29 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-08 23:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-08 23:28 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-08 23:28 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-08 23:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-08 23:29 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-08 23:28 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19 . 2012-06-08 23:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:12 . 2012-06-08 23:28 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 02:25 . 2010-04-11 09:16 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-17 22:45 . 2012-06-13 10:03 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35 . 2012-06-13 10:03 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35 . 2012-06-13 10:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29 . 2012-06-13 10:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24 . 2012-06-13 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-15 19:51 . 2012-06-13 05:15 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
    2012-05-01 14:03 . 2012-06-13 05:15 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 16:00 . 2012-06-13 05:15 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-23 16:00 . 2012-06-13 05:15 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-23 16:00 . 2012-06-13 05:15 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{6d8d66f3-14fc-4736-a096-fac0ea66289c}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
    "{970a72ad-2603-4b4e-bb28-aff6ab80cccd}"= "c:\program files\CrazyForCricket_3k\bar\1.bin\3kSrcAs.dll" [2011-11-09 62864]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{970a72ad-2603-4b4e-bb28-aff6ab80cccd}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 05:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2010-06-03 08:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2010-04-15 02:33 2515552 ----a-w- c:\program files\XfireXO\tbXfir.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
    2010-03-25 06:56 2349080 ----a-w- c:\program files\HiGames\tbHiG1.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    2011-01-03 00:16 175400 ----a-w- c:\program files\midicase\prxtbmidi.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    2010-12-09 02:51 3911776 ----a-w- c:\program files\Elf_1.15\tbElf_.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2011-08-24 08:21 1299248 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiG1.dll" [2010-03-25 2349080]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-04-15 2515552]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{6d8d66f3-14fc-4736-a096-fac0ea66289c}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
    .
    [HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{64D23501-5195-4224-9446-E2B0FB64E859}"= "c:\program files\HiGames\tbHiG1.dll" [2010-03-25 2349080]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{6D8D66F3-14FC-4736-A096-FAC0EA66289C}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
    .
    [HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-03 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
    "DeskSpace"="c:\users\Greg\Deskspace\deskspace.exe" [2002-01-01 1066496]
    "Facebook Update"="c:\users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-15 138096]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-02 17355912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
    "dldnmon.exe"="c:\program files\Dell V105\dldnmon.exe" [2008-03-17 668912]
    "dldnamon"="c:\program files\Dell V105\dldnamon.exe" [2008-03-17 16624]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
    "IObitBar Browser Plugin Loader"="c:\progra~1\IObitBar\toolbar\1.bin\i0brmon.exe" [2010-08-02 20480]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "CrazyForCricket Search Scope Monitor"="c:\progra~1\CRAZYF~2\bar\1.bin\3ksrchmn.exe" [2011-11-09 38440]
    "CrazyForCricket_3k Browser Plugin Loader"="c:\progra~1\CRAZYF~2\bar\1.bin\3kbrmon.exe" [2011-11-09 30096]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    .
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    DeskSpace.lnk - l:\deskspace\deskspace.exe [N/A]
    Facebook Messenger.lnk - c:\users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe [2012-7-6 217536]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-5-3 3553176]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:02]
    .
    2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000Core.job
    - c:\users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-03 18:09]
    .
    2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000UA.job
    - c:\users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-03 18:09]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000Core.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 10:13]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000UA.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 10:13]
    .
    2012-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
    .
    2012-07-15 c:\windows\Tasks\RtlNICDiagVistaStart.job
    - c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-03 11:18]
    .
    2012-07-15 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/index.php?lh=c0eff49bfa52c6577d051ffa05300cc9&eu=XVUHAKl-eM-CZ8lbII58wQ
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 61.9.211.33 61.9.211.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\PageRage\tbPage.dll
    BHO-{9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\PageRage\tbPage.dll
    Toolbar-{9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\PageRage\tbPage.dll
    WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - c:\program files\PageRage\tbPage.dll
    HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKCU-Run-KamikazeKat - c:\program files\ScreenMates\kamikazekat.exe
    HKCU-Run-Felix - c:\program files\ScreenMates\felix.exe
    HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    HKLM-Run-hpqSRMon - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-Addictive Football Demo - c:\program files\Addictive Football Demo\Uninstal.exe
    AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
    AddRemove-Backyard Basketball 2007 - c:\program files\Backyard Basketball 2007\Uninstall.exe
    AddRemove-CNXT_MODEM_PCI_HSF - c:\program files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe
    AddRemove-Crossfire - c:\program files\cf-uninst.exe
    AddRemove-PageRage Toolbar - c:\progra~1\PageRage\UNWISE.EXE
    AddRemove-{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1 - c:\users\Greg\Desktop\Pokemon Online\unins000.exe
    AddRemove-{C12A198C-E751-4729-839A-8FA07CF941C1}_is1 - c:\program files\EA Sports\Fifa Online 2\unins000.exe
    AddRemove-Crossfire 1.7a - c:\program files\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-16 06:44
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65D3B8F8-3D45-C03F-F0D7-2C3C92B5E16E}*]
    "papldpmnaoaokohaemlpjfgiafpoaann"=hex:6a,61,6a,6d,6a,68,6d,6f,67,6a,64,6d,68,
    61,62,6a,63,65,62,65,00,b9
    "abflnpbnmhgfbbbjclgejpimilboigghfe"=hex:69,61,6b,6d,62,69,6c,64,69,6a,67,64,
    6c,67,6d,67,6d,67,00,00
    .
    [HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\SecuROM\License information*]
    "datasecu"=hex:ca,17,21,f5,a4,ce,b8,3a,5a,b5,99,3f,ce,f0,13,82,df,1d,b6,f2,71,
    fd,e5,c5,d2,17,b1,07,53,70,dc,1c,b7,d4,65,a8,3b,5b,0f,75,79,a2,22,a1,43,1c,\
    "rkeysecu"=hex:d3,70,bf,92,47,4f,b0,52,8c,2f,3f,54,b3,70,9c,1c
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5304)
    c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
    c:\users\Greg\Deskspace\deskspace151.dll
    c:\program files\CrazyForCricket_3k\bar\1.bin\3kbrstub.dll
    c:\program files\IObitBar\toolbar\1.bin\i0brstub.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Application Updater\ApplicationUpdater.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\CRAZYF~2\bar\1.bin\3kbarsvc.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\windows\system32\dldncoms.exe
    c:\progra~1\IObitBar\toolbar\1.bin\i0barsvc.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\IObitBar\toolbar\1.bin\i0brmon.exe
    c:\program files\CrazyForCricket_3k\bar\1.bin\3kbrmon.exe
    c:\program files\Digital Line Detect\DLG.exe
    c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\Dell V105\dldnMsdMon.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\windows\system32\msiexec.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files\Common Files\Steam\SteamService.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-16 06:56:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-15 20:56
    .
    Pre-Run: 192,126,926,848 bytes free
    Post-Run: 205,086,515,200 bytes free
    .
    - - End Of File - - 75CC9DD810A7BBDD8109325250573E49
  3. Broni Malware Annihilator Posts: 39,349   +175

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65D3B8F8-3D45-C03F-F0D7-2C3C92B5E16E}*]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  4. Johnny270268 Newcomer, in training Posts: 81

    Hi Broni,

    I'm getting the following window

    "C:\Users\Greg\Desktop\ComboFix.exe
    Illegal operation attempted on a registry key marked for deletion"

    All I have is the "OK" radio button to select. ????

    I've actually deleted MSE a few threads back. Don't know if that info helps. I know Windows Firewall is operational.
  5. Johnny270268 Newcomer, in training Posts: 81

    I should have mentioned that this occurred when I tried to drag and drop. Haven't selected OK however. Will wait for your reply in case it is malware :-(
  6. Broni Malware Annihilator Posts: 39,349   +175

    Restart computer to fix the issue.

    Then reinstall MSE.
    Update, run full scan.

    Next....

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Johnny270268 Newcomer, in training Posts: 81

    Wow, don't I feel like a heel :oops:

    Completing instructions now :D
  8. Johnny270268 Newcomer, in training Posts: 81

    Should I drag and drop again or just continue on?? Just want to be sure.
  9. Broni Malware Annihilator Posts: 39,349   +175

    If you didn't complete the Combofix fix yet, do it now.
    If you did, post the log.
  10. Johnny270268 Newcomer, in training Posts: 81

    Running Combo Fix successfully, will post results ASAP.
  11. Johnny270268 Newcomer, in training Posts: 81

    Hi again Broni,

    Combo Fix latest log. I'll wait for your reply.


    ComboFix 12-07-14.01 - Greg 16/07/2012 8:07.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3070.1935 [GMT 10:00]
    Running from: c:\users\Greg\Desktop\ComboFix.exe
    Command switches used :: c:\users\Greg\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-15 22:13 . 2012-07-15 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-15 20:39 . 2012-07-15 22:13 -------- d-----w- c:\users\Greg\AppData\Local\temp
    2012-07-15 18:11 . 2012-06-17 17:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{300AB105-98E1-4012-879C-C5EC6F777073}\mpengine.dll
    2012-07-15 07:23 . 2012-07-15 07:23 -------- d-----w- C:\FRST
    2012-07-10 11:31 . 2012-07-10 11:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-08 07:59 . 2012-07-08 07:59 -------- d-----w- c:\users\Greg\AppData\Local\etax2012
    2012-07-07 06:08 . 2012-07-07 06:20 -------- d-----w- c:\users\Greg\AppData\Roaming\Ovwua
    2012-07-04 08:46 . 2012-07-04 08:46 -------- d-----w- c:\program files\Lame For Audacity
    2012-07-04 02:19 . 2012-07-04 02:19 -------- d-----w- c:\programdata\Sony
    2012-07-03 07:37 . 2012-07-08 07:59 -------- d-----w- c:\program files\etax2012
    2012-07-03 07:14 . 2012-07-03 07:14 -------- d-----w- c:\users\Greg\AppData\Roaming\Publish Providers
    2012-07-03 07:11 . 2012-07-03 07:12 -------- d-----w- c:\users\Greg\AppData\Local\Sony
    2012-07-03 07:11 . 2012-07-03 07:11 -------- d-----w- c:\program files\Sony
    2012-07-03 07:10 . 2012-07-04 02:18 -------- d-----w- c:\users\Greg\AppData\Roaming\Sony
    2012-07-02 10:36 . 2012-07-02 10:36 -------- d-----w- c:\program files\Ask.com
    2012-07-02 10:34 . 2012-07-02 10:34 -------- d-----w- c:\program files\FreeTime
    2012-06-27 00:12 . 2012-06-30 03:09 -------- d-----w- C:\Log
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-15 19:02 . 2012-04-04 07:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-15 19:02 . 2011-08-14 01:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-08 23:29 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-08 23:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-08 23:28 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-08 23:28 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-08 23:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-08 23:29 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-08 23:28 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19 . 2012-06-08 23:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:12 . 2012-06-08 23:28 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 02:25 . 2010-04-11 09:16 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-17 22:45 . 2012-06-13 10:03 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35 . 2012-06-13 10:03 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35 . 2012-06-13 10:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29 . 2012-06-13 10:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24 . 2012-06-13 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-15 19:51 . 2012-06-13 05:15 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\system32\xfcodec.dll
    2012-05-01 14:03 . 2012-06-13 05:15 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 16:00 . 2012-06-13 05:15 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-23 16:00 . 2012-06-13 05:15 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-23 16:00 . 2012-06-13 05:15 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-18 10:56 . 2012-04-18 10:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 10:56 . 2012-04-18 10:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{6d8d66f3-14fc-4736-a096-fac0ea66289c}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
    "{970a72ad-2603-4b4e-bb28-aff6ab80cccd}"= "c:\program files\CrazyForCricket_3k\bar\1.bin\3kSrcAs.dll" [2011-11-09 62864]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{970a72ad-2603-4b4e-bb28-aff6ab80cccd}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 05:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2010-06-03 08:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2010-04-15 02:33 2515552 ----a-w- c:\program files\XfireXO\tbXfir.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64d23501-5195-4224-9446-e2b0fb64e859}]
    2010-03-25 06:56 2349080 ----a-w- c:\program files\HiGames\tbHiG1.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    2011-01-03 00:16 175400 ----a-w- c:\program files\midicase\prxtbmidi.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    2010-12-09 02:51 3911776 ----a-w- c:\program files\Elf_1.15\tbElf_.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2011-08-24 08:21 1299248 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{64d23501-5195-4224-9446-e2b0fb64e859}"= "c:\program files\HiGames\tbHiG1.dll" [2010-03-25 2349080]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-04-15 2515552]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
    "{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{6d8d66f3-14fc-4736-a096-fac0ea66289c}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
    .
    [HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{64D23501-5195-4224-9446-E2B0FB64E859}"= "c:\program files\HiGames\tbHiG1.dll" [2010-03-25 2349080]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}"= "c:\program files\Elf_1.15\tbElf_.dll" [2010-12-09 3911776]
    "{6D8D66F3-14FC-4736-A096-FAC0EA66289C}"= "c:\program files\midicase\prxtbmidi.dll" [2011-01-03 175400]
    .
    [HKEY_CLASSES_ROOT\clsid\{64d23501-5195-4224-9446-e2b0fb64e859}]
    .
    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d8d66f3-14fc-4736-a096-fac0ea66289c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-03 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
    "DeskSpace"="c:\users\Greg\Deskspace\deskspace.exe" [2002-01-01 1066496]
    "Facebook Update"="c:\users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-15 138096]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-02 17355912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
    "dldnmon.exe"="c:\program files\Dell V105\dldnmon.exe" [2008-03-17 668912]
    "dldnamon"="c:\program files\Dell V105\dldnamon.exe" [2008-03-17 16624]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
    "IObitBar Browser Plugin Loader"="c:\progra~1\IObitBar\toolbar\1.bin\i0brmon.exe" [2010-08-02 20480]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "CrazyForCricket Search Scope Monitor"="c:\progra~1\CRAZYF~2\bar\1.bin\3ksrchmn.exe" [2011-11-09 38440]
    "CrazyForCricket_3k Browser Plugin Loader"="c:\progra~1\CRAZYF~2\bar\1.bin\3kbrmon.exe" [2011-11-09 30096]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    .
    c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    DeskSpace.lnk - l:\deskspace\deskspace.exe [N/A]
    Facebook Messenger.lnk - c:\users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe [2012-7-6 217536]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-5-3 3553176]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-3 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:02]
    .
    2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000Core.job
    - c:\users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-03 18:09]
    .
    2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000UA.job
    - c:\users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-03 18:09]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000Core.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 10:13]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530732781-1678084383-3266196856-1000UA.job
    - c:\users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-02 10:13]
    .
    2012-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
    .
    2012-07-15 c:\windows\Tasks\RtlNICDiagVistaStart.job
    - c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-03 11:18]
    .
    2012-07-15 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/index.php?lh=c0eff49bfa52c6577d051ffa05300cc9&eu=XVUHAKl-eM-CZ8lbII58wQ
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 61.9.211.33 61.9.211.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-16 08:13
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\SecuROM\License information*]
    "datasecu"=hex:ca,17,21,f5,a4,ce,b8,3a,5a,b5,99,3f,ce,f0,13,82,df,1d,b6,f2,71,
    fd,e5,c5,d2,17,b1,07,53,70,dc,1c,b7,d4,65,a8,3b,5b,0f,75,79,a2,22,a1,43,1c,\
    "rkeysecu"=hex:d3,70,bf,92,47,4f,b0,52,8c,2f,3f,54,b3,70,9c,1c
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4408)
    c:\program files\IObitBar\toolbar\1.bin\i0brstub.dll
    c:\program files\CrazyForCricket_3k\bar\1.bin\3kbrstub.dll
    .
    Completion time: 2012-07-16 08:15:18
    ComboFix-quarantined-files.txt 2012-07-15 22:15
    ComboFix2.txt 2012-07-15 20:56
    .
    Pre-Run: 204,952,776,704 bytes free
    Post-Run: 204,909,309,952 bytes free
    .
    - - End Of File - - 1AFDD56523ACF2FE72D99C14FC964837
  12. Broni Malware Annihilator Posts: 39,349   +175

    Good :)
    Go on...
  13. Johnny270268 Newcomer, in training Posts: 81

  14. Johnny270268 Newcomer, in training Posts: 81

    Hi again Broni,

    MSE is currently doing the full scan but it's going to take some considerable time to complete. I imagine the OTL log is going to take some time to do as well. I need to get some shuteye man! I've been awake for two days. Do you mind terribly if I let these scans do their magic and report back to you in about 6-7 hours? It's around 10:18 am here on the south east of Queensland, Australia. If I don't hear anything I'll know you're OK with this. I'll very briefly report on the result of MSE full scan and post MBAM log for you then. :)
  15. Broni Malware Annihilator Posts: 39,349   +175

    Not a problem :)
  16. Johnny270268 Newcomer, in training Posts: 81

    OK, feel rested now :p Sorry I had to do that to you Broni but I'm back now,

    Initial MSE Quick scan (no issues detected)
    MSE Full Scan 5 Potential Threats

    Rogue: Win32/Winwebsec
    Virus: Win32/Sirefef.R
    Trojan: Win32/Sirefef.AH
    Trojan: Win32/Sirefef.AB
    PWS: Win32/Zbot.gen!Y

    I'll remove these, reboot (if it asks) and install MBAM and continue on if there are no issues.

    Will post results ASAP
  17. Johnny270268 Newcomer, in training Posts: 81

    Posting Mbam log. Removed and rebooted as requested by program

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.16.03
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Greg :: GREG-PC [administrator]
    16/07/2012 5:03:50 PM
    mbam-log-2012-07-16 (17-03-50).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223985
    Time elapsed: 9 minute(s), 53 second(s)
    Memory Processes Detected: 1
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrmon.exe (PUP.MyWebSearch) -> 4040 -> Delete on reboot.
    Memory Modules Detected: 1
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    Registry Keys Detected: 21
    HKLM\SYSTEM\CurrentControlSet\Services\CrazyForCricket_3kService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{2A743834-05F4-4ED4-8A1C-41332B10AC0C} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Typelib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Explorer\Bars\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BDD39FFE-DDB5-4566-BF35-373698DDEE55} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCU\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 11
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CrazyForCricket_3k Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\CRAZYF~2\bar\1.bin\3kbrmon.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CrazyForCricket Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\CRAZYF~2\bar\1.bin\3ksrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Data: C:\Program Files\Web Search Operator\4.2.0.2150\FF -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Data: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Data: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5577 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Quarantined and deleted successfully.
    Registry Data Items Detected: 2
    HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.
    Folders Detected: 4
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    Files Detected: 10
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbarsvc.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
    C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    C:\ProgramData\{8ED303BF-E542-46DC-8C8C-CC5D61E6EF91}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Users\Greg\Favorites\MyKeySearch.url (Adware.DoubleD) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    C:\Users\Greg\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
    (end)
  18. Johnny270268 Newcomer, in training Posts: 81

    Now preparing for OTL. Will post results ASAP :)
  19. Johnny270268 Newcomer, in training Posts: 81

    OK

    OTL Log (Part 1) first,


    OTL logfile created on: 16/07/2012 5:54:48 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Greg\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 57.97% Memory free
    6.22 Gb Paging File | 4.66 Gb Available in Paging File | 74.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 450.70 Gb Total Space | 189.40 Gb Free Space | 42.02% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 6.25 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
    Drive K: | 3.73 Gb Total Space | 3.53 Gb Free Space | 94.59% Space Free | Partition Type: FAT32

    Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/16 17:50:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
    PRC - [2012/07/06 11:53:20 | 000,217,536 | ---- | M] (Facebook) -- C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe
    PRC - [2012/06/19 15:10:59 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/08/02 15:06:36 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
    PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
    PRC - [2010/08/02 20:14:17 | 000,028,766 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe
    PRC - [2010/08/02 20:14:17 | 000,020,480 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe
    PRC - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2009/07/24 15:05:24 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
    PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/03 18:36:38 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2008/07/18 22:42:10 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/07/18 22:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
    PRC - [2008/07/15 13:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/05/23 16:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/05/02 16:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/03/17 18:29:52 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V105\dldnmsdmon.exe
    PRC - [2008/03/17 18:29:48 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V105\dldnmon.exe
    PRC - [2008/03/04 19:42:40 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldncoms.exe
    PRC - [2008/01/21 12:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2006/03/08 10:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
    PRC - [2002/01/01 22:19:00 | 001,066,496 | ---- | M] (OtakuSoftware) -- C:\Users\Greg\Deskspace\deskspace.exe


    ========== Modules (No Company Name) ==========

    MOD - [2007/11/22 05:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell V105\app4r.devmons.mcmdevmon.autoplayutil.dll
    MOD - [2007/10/02 11:51:10 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V105\dldncnv4.dll
    MOD - [2007/05/29 04:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell V105\dldndatr.dll
    MOD - [2002/01/01 22:18:58 | 000,049,152 | ---- | M] () -- C:\Users\Greg\Deskspace\deskspace151.dll
  20. Johnny270268 Newcomer, in training Posts: 81

    OTL Log File (Part 2):


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2012/07/16 05:02:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/19 15:10:59 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/05/16 01:50:00 | 004,135,800 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2010/08/02 20:14:17 | 000,028,766 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe -- (IObitBarService)
    SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/10/03 18:36:38 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2008/07/18 22:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
    SRV - [2008/05/02 16:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/04/01 15:55:42 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldnserv.exe -- (dldnCATSCustConnectService)
    SRV - [2008/03/04 19:42:40 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldncoms.exe -- (dldn_device)
    SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/21 12:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/21 12:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva394.sys -- (XDva394)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva388.sys -- (XDva388)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva386.sys -- (XDva386)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva384.sys -- (XDva384)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva382.sys -- (XDva382)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva379.sys -- (XDva379)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva377.sys -- (XDva377)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva374.sys -- (XDva374)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva372.sys -- (XDva372)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva368.sys -- (XDva368)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva367.sys -- (XDva367)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva366.sys -- (XDva366)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva362.sys -- (XDva362)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva361.sys -- (XDva361)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva359.sys -- (XDva359)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva358.sys -- (XDva358)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva352.sys -- (XDva352)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva349.sys -- (XDva349)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva348.sys -- (XDva348)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva346.sys -- (XDva346)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva345.sys -- (XDva345)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva344.sys -- (XDva344)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva342.sys -- (XDva342)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva341.sys -- (XDva341)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva337.sys -- (XDva337)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva336.sys -- (XDva336)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Greg\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/16 17:36:33 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62D9B805-39BF-439B-8A95-F7261A964B5A}\MpKsl345317f0.sys -- (MpKsl345317f0)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/07/01 17:12:26 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mv2.sys -- (mv2)
    DRV - [2009/08/25 15:46:36 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/07/24 15:05:24 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
    DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2008/07/21 21:18:20 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV - [2008/07/10 21:28:50 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/07/02 16:43:50 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/07/02 16:43:46 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/05/21 16:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2008/05/21 16:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/21 12:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DAAU
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795637


    IE - HKU\.DEFAULT\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53153

    IE - HKU\S-1-5-18\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53153



    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/index.php?lh=c0eff49bfa52c6577d051ffa05300cc9&eu=XVUHAKl-eM-CZ8lbII58wQ
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {970a72ad-2603-4b4e-bb28-aff6ab80cccd} - No CLSID value found
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes,DefaultScope = {AB6949AA-9BE6-42BE-A363-96816267F568}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=gFZv3yHKFEghNH7s70KtIlaQCN0?q={searchTerms}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{AB6949AA-9BE6-42BE-A363-96816267F568}: "URL" = http://findgala.com/?&uid=5606&q={searchTerms}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795637
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\SearchScopes\Live Search: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@CrazyForCricket_3k.com/Plugin: C:\Program Files\CrazyForCricket_3k\bar\1.bin\NP3kStub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@ei.CrazyForCricket_3k.com/Plugin: C:\Program Files\CrazyForCricket_3kEI\Installr\2.bin\NP3kEISB.dll (CrazyForCricket)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll (IObit Pty Ltd)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Greg\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Greg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Greg\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2012/07/16 06:38:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\3kffxtbr@CrazyForCricket_3k.com: C:\Program Files\CrazyForCricket_3k\bar\1.bin [2012/07/16 17:31:46 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/12 18:43:36 | 000,000,000 | ---D | M]

    [2010/11/20 14:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
    [2010/05/10 20:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions
    [2010/05/10 20:06:08 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: CrazyForCricket Installer Plugin Stub (Enabled) = C:\Program Files\CrazyForCricket_3kEI\Installr\2.bin\NP3kEISB.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\CrazyForCricket_3k\bar\1.bin\NP3kStub.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: IObit Toolbar Plugin Stub (Enabled) = C:\Program Files\IObitBar\toolbar\1.bin\NPi0Stub.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\Greg\AppData\LocalLow\POWERC~1\nppowerloader.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Greg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Greg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Greg\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: Skype Click to Call = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\

    O1 HOSTS File: ([2012/07/16 06:43:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O2 - BHO: (HiGames Toolbar) - {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O2 - BHO: (midicase Toolbar) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (HiGames Toolbar) - {64d23501-5195-4224-9446-e2b0fb64e859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (midicase Toolbar) - {6d8d66f3-14fc-4736-a096-fac0ea66289c} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (HiGames Toolbar) - {64D23501-5195-4224-9446-E2B0FB64E859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (HiGames Toolbar) - {64D23501-5195-4224-9446-E2B0FB64E859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (HiGames Toolbar) - {64D23501-5195-4224-9446-E2B0FB64E859} - C:\Program Files\HiGames\tbHiG1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (midicase Toolbar) - {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - C:\Program Files\midicase\prxtbmidi.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - C:\Program Files\Elf_1.15\tbElf_.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [dldnamon] C:\Program Files\Dell V105\dldnamon.exe ()
    O4 - HKLM..\Run: [dldnmon.exe] C:\Program Files\Dell V105\dldnmon.exe ()
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IObitBar Browser Plugin Loader] C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe (IObit)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [DeskSpace] C:\Users\Greg\Deskspace\deskspace.exe (OtakuSoftware)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [Facebook Update] C:\Users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk = File not found
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Greg\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe (Facebook)
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2530732781-1678084383-3266196856-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.211.33 61.9.211.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1F54933-DCC8-470B-B71B-D61CF1D46C06}: DhcpNameServer = 61.9.211.33 61.9.211.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)