ZeroAccess rootkit.


  • This topic is locked
51 replies to this topic

#1 Depraved


Posted 30 July 2013 - 03:43 PM

I started over here http://www.bleepingcomputer.com/forums/t/502552/problem-with-windows-live-security-possible-infection/

My Windows Security Essentials just disappeared one day. My laptop was a shared computer, but it's now just being used by me.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16496
Run by Sammi at 13:36:59 on 2013-07-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8086.5325 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\D3DX9_400.dll
BHO: {491C440D-305E-0124-0099-0F3E390C7E87} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Facebook Update] "C:\Users\Sammi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DellSystemDetect] C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Sammi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: dell.com
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{292D15AA-00AB-4CB8-9BFA-CAD18F841AA8} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{292D15AA-00AB-4CB8-9BFA-CAD18F841AA8}\0556475627723702E4564777F627B6 : DHCPNameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{292D15AA-00AB-4CB8-9BFA-CAD18F841AA8}\2656C6B696E6E2030303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{292D15AA-00AB-4CB8-9BFA-CAD18F841AA8}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{292D15AA-00AB-4CB8-9BFA-CAD18F841AA8}\935313435434 : DHCPNameServer = 64.59.144.19 64.59.150.135
TCP: Interfaces\{292D15AA-00AB-4CB8-9BFA-CAD18F841AA8}\C496E6B6379737 : DHCPNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
TCP: Interfaces\{77E6676B-6D97-472C-809D-2FA4F3471A67} : DHCPNameServer = 64.59.144.17 64.59.150.133
TCP: Interfaces\{77E6676B-6D97-472C-809D-2FA4F3471A67}\0556475627723702E4564777F627B6 : DHCPNameServer = 64.59.144.17 64.59.150.133
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe
x64-Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-19 30056]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-22 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-9-22 21616]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-12-19 284008]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-22 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-14 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-22 1692480]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-22 2656280]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-9-22 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-22 176096]
R3 cyhid;Cypress Input Device;C:\Windows\System32\drivers\cyhid.sys [2011-9-22 108032]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\System32\drivers\cykbfltr.sys [2011-9-22 11264]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\System32\drivers\cymfltr.sys [2011-9-22 70656]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-22 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-1-28 25528]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-22 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-13 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-13 212992]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 usb3Hub;Intel UoIP Bus;C:\Windows\System32\drivers\usb3Hub.sys [2013-1-28 48024]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]
R3 XHCIPort;Intel UoIP Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2013-1-28 194456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2011-4-19 1254464]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-22 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-1-28 35256]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-9-22 172632]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-10 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-1-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2012-1-12 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-29 05:40:25 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-29 02:26:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-07-24 05:55:39 -------- d-----w- C:\Users\Sammi\AppData\Local\Artist Colony
2013-07-24 05:55:39 -------- d-----w- C:\ProgramData\Artist Colony
2013-07-22 00:18:06 -------- d-----w- C:\Users\Sammi\AppData\Roaming\Stand O'Food 3
2013-07-21 21:32:16 -------- d-----w- C:\e90942a14ac551ff4a4d
2013-07-21 17:38:02 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-07-21 17:21:06 -------- d-----w- C:\dacd1b4375d89bc20028c7
2013-07-21 08:04:25 -------- d-----w- C:\Users\Sammi\AppData\Roaming\Roxio Log Files
2013-07-21 07:54:10 -------- d-----w- C:\Users\Sammi\AppData\Local\Programs
2013-07-20 14:55:51 -------- d-----w- C:\Users\Sammi\AppData\Roaming\Elephant Games
2013-07-20 14:47:19 -------- d-----w- C:\Windows\Mystery Trackers 5 - Silent Hollow Collector's Edition
2013-07-16 10:00:33 -------- d-----w- C:\Windows\System32\MRT
2013-07-15 04:10:13 -------- d-----w- C:\Users\Sammi\AppData\Roaming\AlawarEntertainment
2013-07-15 04:03:04 -------- d-----w- C:\Windows\Stray Souls 2 - Stolen Memories Collector's Edition
2013-07-13 18:09:56 -------- d-----w- C:\Users\Sammi\AppData\Local\Chronicles of Albian 2
2013-07-13 18:07:49 -------- d-----w- C:\Windows\SysWow64\3056
2013-07-12 02:08:08 -------- d-----w- C:\Users\Sammi\AppData\Roaming\Eipix
2013-07-12 02:02:50 -------- d-----w- C:\Program Files (x86)\Chronicles of Albian 2 - The Wizbury School of Magic
2013-07-12 02:02:40 -------- d-----w- C:\Windows\SysWow64\3055
2013-07-12 01:57:53 -------- d-----w- C:\Windows\Final Cut 2 - Encore Collector's Edition
2013-07-10 22:57:31 -------- d-----w- C:\Users\Sammi\AppData\Roaming\Nekobolt
2013-07-10 22:54:29 -------- d-----w- C:\Windows\Baking Success
2013-07-10 22:54:29 -------- d-----w- C:\Program Files (x86)\Baking Success
2013-07-10 22:54:19 -------- d-----w- C:\Windows\SysWow64\3054
2013-07-10 22:31:48 -------- d-----w- C:\Users\Sammi\AppData\Roaming\SerpentOfIsis
2013-07-10 07:19:34 1545728 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-10 07:19:34 1077760 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-10 07:19:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-10 07:19:13 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-10 07:19:12 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-10 07:19:12 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 07:18:46 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-10 07:18:45 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:18:45 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 07:18:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 07:18:45 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 07:18:45 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-08 20:41:01 -------- d-----w- C:\Users\Sammi\AppData\Local\FairyIsland
2013-07-08 20:40:42 -------- d-----w- C:\Windows\Fairy Island
2013-07-07 20:22:35 -------- d-sh--w- C:\Users\Sammi\AppData\Roaming\.#
2013-07-07 20:22:10 -------- d-----w- C:\Windows\Burger Island 2
2013-07-07 20:22:10 -------- d-----w- C:\Program Files (x86)\Burger Island 2
2013-07-07 05:30:29 -------- d-----w- C:\Users\Sammi\AppData\Roaming\Sarah's Emergency Hospital
2013-07-07 05:30:00 -------- d-----w- C:\Windows\Emergency Hospital
2013-07-07 05:30:00 -------- d-----w- C:\Program Files (x86)\Emergency Hospital
2013-07-07 05:15:35 -------- d-----w- C:\ProgramData\rionix
2013-07-07 05:15:26 -------- d-----w- C:\Windows\Tropical Farm
2013-07-07 05:15:26 -------- d-----w- C:\Program Files (x86)\Tropical Farm
2013-07-07 02:57:09 -------- d-----w- C:\Windows\Cinema Tycoon 2  Movie Mania
2013-07-05 05:38:59 -------- d-----w- C:\Users\Sammi\AppData\Roaming\Jane s Hotel  Family Hero
2013-07-05 05:37:25 -------- d-----w- C:\Users\Sammi\AppData\Roaming\CasualForge
.
==================== Find3M  ====================
.
2013-07-21 07:34:21 71048 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 07:34:21 692104 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-20 14:49:11 328704 ----a-w- C:\Windows\System32\services.exe
2013-06-19 19:22:38 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-19 19:22:38 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 13:37:13.17 ===============
 

 




 


#2 Depraved


Posted 30 July 2013 - 03:47 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 05/10/2011 5:04:58 PM
System Uptime: 29/07/2013 5:05:03 AM (32 hours ago)
.
Motherboard: Dell Inc. |  | 060G42
Processor: Intel® Core™ i7-2620M CPU @ 2.70GHz | CPU | 2701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 679 GiB total, 223.28 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP303: 24/07/2013 3:00:17 AM - Windows Update
RP304: 25/07/2013 3:00:17 AM - Windows Update
RP305: 28/07/2013 7:25:05 PM - Windows Update
RP306: 28/07/2013 7:42:31 PM - Removed JavaFX 2.1.1
RP307: 28/07/2013 7:42:48 PM - Removed Java 7 Update 25
RP308: 28/07/2013 7:43:34 PM - Removed Java™ 6 Update 24 (64-bit)
RP309: 28/07/2013 7:47:22 PM - Windows Backup
RP310: 29/07/2013 3:00:20 AM - Windows Update
RP311: 30/07/2013 3:00:17 AM - Windows Update
.
==== Installed Programs ======================
.
AC3Filter 1.63b
AccelerometerP11
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artist Colony 1.00
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Baking Success
Bonjour
Burger Island 2
Burger Shop
CCleaner
ConvertXtoDVD 2.2.3.258
Cooking Dash 2 DinerTown Studios 1.00
Cozi
Cypress TrackPad
D3DX10
Defraggler
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell System Detect
Dell VideoStage 
Dell Webcam Central
DivX Setup
Emergency Hospital
Escape From Paradise 2 - A Kingdom's Quest 1.00
Facebook Video Calling 1.2.0.287
Farm for your Life
Gemini Lost
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software Driver
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® Update Manager
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
iTunes
Jack of all Tribes 1.00
Janes Hotel  Family Hero 1.00
Junk Mail filter update
Magic Farm Ultimate Flower 1.00
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mobipocket Reader 6.2
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
My Dell
Next Generation Visualisations
Nokia Connectivity Cable Driver
NVIDIA 3D Vision Driver 310.70
NVIDIA Control Panel 310.70
NVIDIA Graphics Driver 310.70
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Optimus 1.11.3
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PC Connectivity Solution
Pet Shop Hop
Pet Store Panic
Plant Tycoon
Quickset64
RAMMon V1.0
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RuneScape Launcher 1.2.2
Sally's Studio Collector's Edition 1.00
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x64
Shop it Up 1.00
Skype Click to Call
Skype™ 6.3
SUPERAntiSpyware
Supermarket Mania 2 1.00
swMSM
System Requirements Lab for Intel
Terrafirma
The Fifth Gate .
The Sims Medieval.v 1.0.286.00001
Tropical Farm
TrustedID
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.7
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.10 beta 1 (64-bit)
Zoo Tycoon 2 - Extinct Animals
.
==== Event Viewer Messages From Past Week ========
.
30/07/2013 3:01:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
28/07/2013 10:38:04 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
28/07/2013 10:38:03 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/07/2013 10:38:03 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
28/07/2013 10:35:15 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.
23/07/2013 7:47:11 AM, Error: Service Control Manager [7034]  - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================


#3 D-FRED-BROWN

Posted 01 August 2013 - 05:34 PM

Hello Depraved and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)



-DFB



#4 Depraved

Posted 01 August 2013 - 11:36 PM

19:13:29.0240 7300  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
19:13:29.0744 7300  ============================================================
19:13:29.0744 7300  Current date / time: 2013/08/01 19:13:29.0744
19:13:29.0744 7300  SystemInfo:
19:13:29.0744 7300  
19:13:29.0744 7300  OS Version: 6.1.7601 ServicePack: 1.0
19:13:29.0744 7300  Product type: Workstation
19:13:29.0744 7300  ComputerName: SAMMI-PC
19:13:29.0744 7300  UserName: Sammi
19:13:29.0744 7300  Windows directory: C:\Windows
19:13:29.0744 7300  System windows directory: C:\Windows
19:13:29.0744 7300  Running under WOW64
19:13:29.0744 7300  Processor architecture: Intel x64
19:13:29.0744 7300  Number of processors: 4
19:13:29.0744 7300  Page size: 0x1000
19:13:29.0744 7300  Boot type: Normal boot
19:13:29.0744 7300  ============================================================
19:13:30.0199 7300  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:13:30.0207 7300  ============================================================
19:13:30.0207 7300  \Device\Harddisk0\DR0:
19:13:30.0208 7300  MBR partitions:
19:13:30.0208 7300  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
19:13:30.0208 7300  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
19:13:30.0208 7300  ============================================================
19:13:30.0239 7300  C: <-> \Device\Harddisk0\DR0\Partition2
19:13:30.0239 7300  ============================================================
19:13:30.0239 7300  Initialize success
19:13:30.0239 7300  ============================================================
19:13:47.0081 7852  ============================================================
19:13:47.0081 7852  Scan started
19:13:47.0081 7852  Mode: Manual; 
19:13:47.0081 7852  ============================================================
19:13:47.0290 7852  ================ Scan system memory ========================
19:13:47.0290 7852  System memory - ok
19:13:47.0290 7852  ================ Scan services =============================
19:13:47.0358 7852  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:13:47.0360 7852  !SASCORE - ok
19:13:47.0502 7852  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:13:47.0502 7852  1394ohci - ok
19:13:47.0533 7852  [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
19:13:47.0533 7852  Acceler - ok
19:13:47.0565 7852  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:13:47.0565 7852  ACPI - ok
19:13:47.0580 7852  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:13:47.0596 7852  AcpiPmi - ok
19:13:47.0674 7852  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:13:47.0689 7852  AdobeARMservice - ok
19:13:47.0783 7852  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:13:47.0783 7852  AdobeFlashPlayerUpdateSvc - ok
19:13:47.0815 7852  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:13:47.0831 7852  adp94xx - ok
19:13:47.0862 7852  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:13:47.0878 7852  adpahci - ok
19:13:47.0909 7852  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:13:47.0909 7852  adpu320 - ok
19:13:47.0924 7852  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:13:47.0924 7852  AeLookupSvc - ok
19:13:47.0971 7852  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:13:47.0971 7852  AERTFilters - ok
19:13:48.0019 7852  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:13:48.0031 7852  AFD - ok
19:13:48.0068 7852  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:13:48.0069 7852  agp440 - ok
19:13:48.0093 7852  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:13:48.0096 7852  ALG - ok
19:13:48.0119 7852  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:13:48.0120 7852  aliide - ok
19:13:48.0131 7852  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:13:48.0132 7852  amdide - ok
19:13:48.0166 7852  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:13:48.0167 7852  AmdK8 - ok
19:13:48.0183 7852  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:13:48.0185 7852  AmdPPM - ok
19:13:48.0204 7852  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:13:48.0206 7852  amdsata - ok
19:13:48.0217 7852  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:13:48.0219 7852  amdsbs - ok
19:13:48.0233 7852  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:13:48.0233 7852  amdxata - ok
19:13:48.0269 7852  [ 9C385432C11AECC647E8D0BC7663AB48 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
19:13:48.0270 7852  AMPPAL - ok
19:13:48.0282 7852  [ 9C385432C11AECC647E8D0BC7663AB48 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
19:13:48.0283 7852  AMPPALP - ok
19:13:48.0353 7852  [ CCB61487A9D9416EC8985279E37608BF ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
19:13:48.0364 7852  AMPPALR3 - ok
19:13:48.0389 7852  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:13:48.0390 7852  AppID - ok
19:13:48.0421 7852  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:13:48.0422 7852  AppIDSvc - ok
19:13:48.0447 7852  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
19:13:48.0450 7852  Appinfo - ok
19:13:48.0520 7852  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:13:48.0524 7852  Apple Mobile Device - ok
19:13:48.0574 7852  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:13:48.0576 7852  arc - ok
19:13:48.0599 7852  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:13:48.0602 7852  arcsas - ok
19:13:48.0701 7852  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:13:48.0704 7852  aspnet_state - ok
19:13:48.0744 7852  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:48.0745 7852  AsyncMac - ok
19:13:48.0798 7852  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:13:48.0800 7852  atapi - ok
19:13:48.0842 7852  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:13:48.0848 7852  AudioEndpointBuilder - ok
19:13:48.0857 7852  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:13:48.0861 7852  AudioSrv - ok
19:13:48.0873 7852  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:13:48.0875 7852  AxInstSV - ok
19:13:48.0890 7852  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:13:48.0900 7852  b06bdrv - ok
19:13:48.0932 7852  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:13:48.0932 7852  b57nd60a - ok
19:13:48.0979 7852  [ 6FA3557EA5FA09BA705298CC6B0E9F5A ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
19:13:49.0010 7852  BCMH43XX - ok
19:13:49.0026 7852  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:13:49.0026 7852  BDESVC - ok
19:13:49.0041 7852  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:13:49.0041 7852  Beep - ok
19:13:49.0072 7852  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:13:49.0088 7852  BFE - ok
19:13:49.0119 7852  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
19:13:49.0169 7852  BITS - ok
19:13:49.0178 7852  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:13:49.0179 7852  blbdrive - ok
19:13:49.0271 7852  [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
19:13:49.0285 7852  Bluetooth Device Monitor - ok
19:13:49.0334 7852  [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
19:13:49.0342 7852  Bluetooth Media Service - ok
19:13:49.0387 7852  [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
19:13:49.0392 7852  Bluetooth OBEX Service - ok
19:13:49.0418 7852  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:13:49.0424 7852  Bonjour Service - ok
19:13:49.0441 7852  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:13:49.0441 7852  bowser - ok
19:13:49.0457 7852  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:13:49.0457 7852  BrFiltLo - ok
19:13:49.0472 7852  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:13:49.0472 7852  BrFiltUp - ok
19:13:49.0519 7852  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:13:49.0535 7852  BridgeMP - ok
19:13:49.0566 7852  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:13:49.0566 7852  Browser - ok
19:13:49.0722 7852  [ BD2D29BAF273E029BBAC627AACA37594 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
19:13:49.0831 7852  BrowserDefendert - ok
19:13:49.0862 7852  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:13:49.0862 7852  Brserid - ok
19:13:49.0878 7852  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:13:49.0878 7852  BrSerWdm - ok
19:13:49.0909 7852  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:13:49.0909 7852  BrUsbMdm - ok
19:13:49.0925 7852  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:13:49.0925 7852  BrUsbSer - ok
19:13:49.0971 7852  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:13:49.0971 7852  BthEnum - ok
19:13:50.0003 7852  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:13:50.0003 7852  BTHMODEM - ok
19:13:50.0034 7852  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:13:50.0034 7852  BthPan - ok
19:13:50.0081 7852  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
19:13:50.0096 7852  BTHPORT - ok
19:13:50.0127 7852  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:13:50.0127 7852  bthserv - ok
19:13:50.0175 7852  [ D30286FF3C7B6318C024D2BC2955C1BF ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
19:13:50.0177 7852  BTHSSecurityMgr - ok
19:13:50.0191 7852  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:13:50.0192 7852  BTHUSB - ok
19:13:50.0200 7852  btmaudio - ok
19:13:50.0225 7852  [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
19:13:50.0228 7852  btmaux - ok
19:13:50.0255 7852  [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
19:13:50.0259 7852  btmhsf - ok
19:13:50.0277 7852  catchme - ok
19:13:50.0314 7852  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:13:50.0315 7852  cdfs - ok
19:13:50.0354 7852  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:13:50.0356 7852  cdrom - ok
19:13:50.0381 7852  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:13:50.0382 7852  CertPropSvc - ok
19:13:50.0418 7852  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:13:50.0421 7852  circlass - ok
19:13:50.0440 7852  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:13:50.0440 7852  CLFS - ok
19:13:50.0487 7852  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:13:50.0487 7852  clr_optimization_v2.0.50727_32 - ok
19:13:50.0549 7852  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:13:50.0549 7852  clr_optimization_v2.0.50727_64 - ok
19:13:50.0612 7852  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:13:50.0612 7852  clr_optimization_v4.0.30319_32 - ok
19:13:50.0627 7852  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:13:50.0627 7852  clr_optimization_v4.0.30319_64 - ok
19:13:50.0659 7852  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:13:50.0659 7852  CmBatt - ok
19:13:50.0674 7852  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:13:50.0674 7852  cmdide - ok
19:13:50.0721 7852  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:13:50.0721 7852  CNG - ok
19:13:50.0768 7852  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:13:50.0768 7852  Compbatt - ok
19:13:50.0783 7852  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:13:50.0783 7852  CompositeBus - ok
19:13:50.0783 7852  COMSysApp - ok
19:13:50.0799 7852  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:13:50.0799 7852  crcdisk - ok
19:13:50.0846 7852  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:13:50.0861 7852  CryptSvc - ok
19:13:50.0877 7852  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:13:50.0893 7852  CtClsFlt - ok
19:13:50.0971 7852  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:13:50.0986 7852  cvhsvc - ok
19:13:51.0049 7852  [ 6833D267DB7E18E0044D5FFEF872738B ] cyhid           C:\Windows\system32\DRIVERS\cyhid.sys
19:13:51.0049 7852  cyhid - ok
19:13:51.0064 7852  [ F4D88AD8FB26A239F5C9E9BE40BA3C09 ] cykbfltrService C:\Windows\system32\DRIVERS\cykbfltr.sys
19:13:51.0064 7852  cykbfltrService - ok
19:13:51.0095 7852  [ 182978565CE806829F9A8164CE9F159B ] cymfltrService  C:\Windows\system32\DRIVERS\cymfltr.sys
19:13:51.0095 7852  cymfltrService - ok
19:13:51.0127 7852  [ BA25D4B9B067248F7CAC416E855D706B ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
19:13:51.0127 7852  dc3d - ok
19:13:51.0173 7852  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:13:51.0189 7852  DcomLaunch - ok
19:13:51.0228 7852  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:13:51.0231 7852  defragsvc - ok
19:13:51.0241 7852  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:13:51.0242 7852  DfsC - ok
19:13:51.0272 7852  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:13:51.0281 7852  Dhcp - ok
19:13:51.0311 7852  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:13:51.0312 7852  discache - ok
19:13:51.0335 7852  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:13:51.0337 7852  Disk - ok
19:13:51.0371 7852  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:13:51.0374 7852  Dnscache - ok
19:13:51.0400 7852  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:13:51.0408 7852  dot3svc - ok
19:13:51.0431 7852  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:13:51.0433 7852  DPS - ok
19:13:51.0458 7852  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:13:51.0459 7852  drmkaud - ok
19:13:51.0516 7852  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:13:51.0532 7852  DXGKrnl - ok
19:13:51.0579 7852  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:13:51.0579 7852  EapHost - ok
19:13:51.0719 7852  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:13:51.0844 7852  ebdrv - ok
19:13:51.0875 7852  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:13:51.0875 7852  EFS - ok
19:13:51.0922 7852  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:13:51.0953 7852  ehRecvr - ok
19:13:51.0969 7852  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:13:51.0969 7852  ehSched - ok
19:13:52.0000 7852  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:13:52.0016 7852  elxstor - ok
19:13:52.0047 7852  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:13:52.0047 7852  ErrDev - ok
19:13:52.0078 7852  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:13:52.0094 7852  EventSystem - ok
19:13:52.0172 7852  [ E7ECD510AED32C19477976310173FAC3 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:13:52.0187 7852  EvtEng - ok
19:13:52.0219 7852  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:13:52.0222 7852  exfat - ok
19:13:52.0245 7852  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:13:52.0247 7852  fastfat - ok
19:13:52.0282 7852  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:13:52.0301 7852  Fax - ok
19:13:52.0326 7852  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:13:52.0329 7852  fdc - ok
19:13:52.0336 7852  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:13:52.0339 7852  fdPHost - ok
19:13:52.0365 7852  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:13:52.0366 7852  FDResPub - ok
19:13:52.0372 7852  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:13:52.0373 7852  FileInfo - ok
19:13:52.0389 7852  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:13:52.0392 7852  Filetrace - ok
19:13:52.0445 7852  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:13:52.0471 7852  FLEXnet Licensing Service - ok
19:13:52.0502 7852  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:13:52.0502 7852  flpydisk - ok
19:13:52.0549 7852  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:13:52.0549 7852  FltMgr - ok
19:13:52.0611 7852  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
19:13:52.0627 7852  FontCache - ok
19:14:01.0827 7852  SSDPSRV - ok
19:14:01.0827 7852  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:14:01.0827 7852  SstpSvc - ok
19:14:01.0859 7852  [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
19:14:01.0859 7852  stdcfltn - ok
19:14:01.0905 7852  [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:14:01.0921 7852  Stereo Service - ok
19:14:01.0952 7852  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:14:01.0952 7852  stexstor - ok
19:14:01.0999 7852  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:14:02.0030 7852  stisvc - ok
19:14:02.0061 7852  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:14:02.0061 7852  swenum - ok
19:14:02.0093 7852  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:14:02.0108 7852  swprv - ok
19:14:02.0155 7852  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:14:02.0249 7852  SysMain - ok
19:14:02.0270 7852  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:14:02.0273 7852  TabletInputService - ok
19:14:02.0291 7852  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:14:02.0295 7852  TapiSrv - ok
19:14:02.0301 7852  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:14:02.0302 7852  TBS - ok
19:14:02.0350 7852  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:14:02.0397 7852  Tcpip - ok
19:14:02.0437 7852  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:14:02.0448 7852  TCPIP6 - ok
19:14:02.0474 7852  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:14:02.0475 7852  tcpipreg - ok
19:14:02.0499 7852  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:14:02.0500 7852  TDPIPE - ok
19:14:02.0524 7852  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:14:02.0526 7852  TDTCP - ok
19:14:02.0533 7852  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:14:02.0549 7852  tdx - ok
19:14:02.0549 7852  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:14:02.0549 7852  TermDD - ok
19:14:02.0580 7852  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:14:02.0596 7852  TermService - ok
19:14:02.0627 7852  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
19:14:02.0627 7852  TFsExDisk - ok
19:14:02.0658 7852  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:14:02.0658 7852  Themes - ok
19:14:02.0689 7852  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:14:02.0689 7852  THREADORDER - ok
19:14:02.0705 7852  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:14:02.0705 7852  TrkWks - ok
19:14:02.0736 7852  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:14:02.0736 7852  TrustedInstaller - ok
19:14:02.0752 7852  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:14:02.0752 7852  tssecsrv - ok
19:14:02.0783 7852  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:14:02.0783 7852  TsUsbFlt - ok
19:14:02.0814 7852  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:14:02.0814 7852  TsUsbGD - ok
19:14:02.0845 7852  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:14:02.0845 7852  tunnel - ok
19:14:02.0876 7852  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
19:14:02.0876 7852  TurboB - ok
19:14:02.0908 7852  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:14:02.0908 7852  TurboBoost - ok
19:14:02.0939 7852  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:14:02.0939 7852  uagp35 - ok
19:14:02.0970 7852  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:14:02.0986 7852  udfs - ok
19:14:03.0001 7852  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:14:03.0001 7852  UI0Detect - ok
19:14:03.0017 7852  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:14:03.0017 7852  uliagpkx - ok
19:14:03.0064 7852  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:14:03.0064 7852  umbus - ok
19:14:03.0079 7852  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:14:03.0079 7852  UmPass - ok
19:14:03.0204 7852  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:14:03.0273 7852  UNS - ok
19:14:03.0292 7852  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:14:03.0296 7852  upnphost - ok
19:14:03.0336 7852  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:14:03.0338 7852  upperdev - ok
19:14:03.0387 7852  [ C5C45CE1C5B3CC9D5A9826F76709D7A4 ] usb3Hub         C:\Windows\system32\DRIVERS\usb3Hub.sys
19:14:03.0389 7852  usb3Hub - ok
19:14:03.0406 7852  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:14:03.0410 7852  USBAAPL64 - ok
19:14:03.0426 7852  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:14:03.0427 7852  usbccgp - ok
19:14:03.0458 7852  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:14:03.0460 7852  usbcir - ok
19:14:03.0481 7852  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:14:03.0484 7852  usbehci - ok
19:14:03.0514 7852  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:14:03.0519 7852  usbhub - ok
19:14:03.0545 7852  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:14:03.0545 7852  usbohci - ok
19:14:03.0576 7852  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:14:03.0576 7852  usbprint - ok
19:14:03.0592 7852  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:14:03.0592 7852  usbscan - ok
19:14:03.0639 7852  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
19:14:03.0639 7852  usbser - ok
19:14:03.0654 7852  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:14:03.0654 7852  UsbserFilt - ok
19:14:03.0685 7852  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:14:03.0685 7852  USBSTOR - ok
19:14:03.0717 7852  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:14:03.0717 7852  usbuhci - ok
19:14:03.0763 7852  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:14:03.0763 7852  usbvideo - ok
19:14:03.0779 7852  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:14:03.0779 7852  UxSms - ok
19:14:03.0779 7852  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:14:03.0779 7852  VaultSvc - ok
19:14:03.0795 7852  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:14:03.0795 7852  vdrvroot - ok
19:14:03.0841 7852  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:14:03.0857 7852  vds - ok
19:14:03.0904 7852  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:14:03.0904 7852  vga - ok
19:14:03.0935 7852  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:14:03.0935 7852  VgaSave - ok
19:14:03.0951 7852  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:14:03.0966 7852  vhdmp - ok
19:14:03.0997 7852  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:14:03.0997 7852  viaide - ok
19:14:04.0013 7852  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:14:04.0029 7852  volmgr - ok
19:14:04.0044 7852  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:14:04.0060 7852  volmgrx - ok
19:14:04.0075 7852  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:14:04.0075 7852  volsnap - ok
19:14:04.0075 7852  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:14:04.0075 7852  vsmraid - ok
19:14:04.0107 7852  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:14:04.0153 7852  VSS - ok
19:14:04.0169 7852  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:14:04.0169 7852  vwifibus - ok
19:14:04.0185 7852  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:14:04.0185 7852  vwififlt - ok
19:14:04.0200 7852  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:14:04.0200 7852  vwifimp - ok
19:14:04.0216 7852  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:14:04.0216 7852  W32Time - ok
19:14:04.0231 7852  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:14:04.0231 7852  WacomPen - ok
19:14:04.0247 7852  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:14:04.0247 7852  WANARP - ok
19:14:04.0263 7852  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:14:04.0263 7852  Wanarpv6 - ok
19:14:04.0319 7852  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:14:04.0335 7852  WatAdminSvc - ok
19:14:04.0393 7852  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:14:04.0424 7852  wbengine - ok
19:14:04.0447 7852  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:14:04.0451 7852  WbioSrvc - ok
19:14:04.0469 7852  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:14:04.0485 7852  wcncsvc - ok
19:14:04.0502 7852  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:14:04.0504 7852  WcsPlugInService - ok
19:14:04.0520 7852  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:14:04.0521 7852  Wd - ok
19:14:04.0560 7852  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:14:04.0591 7852  Wdf01000 - ok
19:14:04.0607 7852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:14:04.0607 7852  WdiServiceHost - ok
19:14:04.0607 7852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:14:04.0607 7852  WdiSystemHost - ok
19:14:04.0638 7852  [ 63CE387483E74A0BD79EE4E5EBA1FD2E ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
19:14:04.0638 7852  wdkmd - ok
19:14:04.0653 7852  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:14:04.0669 7852  WebClient - ok
19:14:04.0685 7852  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:14:04.0685 7852  Wecsvc - ok
19:14:04.0700 7852  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:14:04.0700 7852  wercplsupport - ok
19:14:04.0731 7852  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:14:04.0731 7852  WerSvc - ok
19:14:04.0747 7852  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:14:04.0747 7852  WfpLwf - ok
19:14:04.0778 7852  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
19:14:04.0778 7852  WimFltr - ok
19:14:04.0794 7852  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:14:04.0794 7852  WIMMount - ok
19:14:04.0841 7852  WinDefend - ok
19:14:04.0856 7852  WinHttpAutoProxySvc - ok
19:14:04.0904 7852  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:14:04.0904 7852  Winmgmt - ok
19:14:05.0013 7852  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:14:05.0107 7852  WinRM - ok
19:14:05.0138 7852  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:14:05.0138 7852  WinUsb - ok
19:14:05.0185 7852  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:14:05.0232 7852  Wlansvc - ok
19:14:05.0278 7852  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:14:05.0278 7852  wlcrasvc - ok
19:14:05.0362 7852  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:14:05.0428 7852  wlidsvc - ok
19:14:05.0450 7852  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:14:05.0450 7852  WmiAcpi - ok
19:14:05.0478 7852  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:14:05.0481 7852  wmiApSrv - ok
19:14:05.0497 7852  WMPNetworkSvc - ok
19:14:05.0527 7852  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:14:05.0529 7852  WPCSvc - ok
19:14:05.0545 7852  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:14:05.0552 7852  WPDBusEnum - ok
19:14:05.0561 7852  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:14:05.0561 7852  ws2ifsl - ok
19:14:05.0592 7852  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:14:05.0592 7852  wscsvc - ok
19:14:05.0592 7852  WSearch - ok
19:14:05.0670 7852  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:14:05.0733 7852  wuauserv - ok
19:14:05.0764 7852  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:14:05.0764 7852  WudfPf - ok
19:14:05.0779 7852  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:14:05.0795 7852  WUDFRd - ok
19:14:05.0826 7852  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:14:05.0826 7852  wudfsvc - ok
19:14:05.0873 7852  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:14:05.0873 7852  WwanSvc - ok
19:14:05.0951 7852  X6va011 - ok
19:14:05.0982 7852  [ 93BFBB02C88EF306C8FB82213E07B845 ] XHCIPort        C:\Windows\system32\DRIVERS\XHCIPort.sys
19:14:05.0982 7852  XHCIPort - ok
19:14:06.0154 7852  [ 17E44886E695DBC78AC33854BD5EA6D2 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
19:14:06.0216 7852  ZeroConfigService - ok
19:14:06.0247 7852  ================ Scan global ===============================
19:14:06.0263 7852  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:14:06.0279 7852  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:14:06.0312 7852  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:14:06.0337 7852  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:14:06.0362 7852  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:14:06.0373 7852  [Global] - ok
19:14:06.0375 7852  ================ Scan MBR ==================================
19:14:06.0389 7852  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:14:06.0607 7852  \Device\Harddisk0\DR0 - ok
19:14:06.0607 7852  ================ Scan VBR ==================================
19:14:06.0623 7852  [ 5469D5C151925F6F312B7C8ACCBA5227 ] \Device\Harddisk0\DR0\Partition1
19:14:06.0623 7852  \Device\Harddisk0\DR0\Partition1 - ok
19:14:06.0623 7852  [ 887283DAD51F5EC7D226B0F64C44139C ] \Device\Harddisk0\DR0\Partition2
19:14:06.0623 7852  \Device\Harddisk0\DR0\Partition2 - ok
19:14:06.0623 7852  ============================================================
19:14:06.0623 7852  Scan finished
19:14:06.0623 7852  ============================================================
19:14:06.0638 5904  Detected object count: 0
19:14:06.0638 5904  Actual detected object count: 0
19:14:15.0775 6624  Deinitialize success

#5 Depraved


Posted 01 August 2013 - 11:37 PM

 
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.08.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sammi :: SAMMI-PC [administrator]
 
01/08/2013 7:25:10 PM
mbar-log-2013-08-01 (19-25-10).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 322309
Time elapsed: 9 minute(s), 57 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
HKLM\SOFTWARE\Refog Software (Refog.Keylogger) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$792f41990b73e2f47b46706eb422a6b8\n.) Good: (fastprox.dll) -> Replace on reboot.
 
Folders Detected: 8
c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U (Backdoor.0Access) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-18\$792f41990b73e2f47b46706eb422a6b8\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-21-3707478246-1993061971-1580713667-1001\$792f41990b73e2f47b46706eb422a6b8\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-18\$792f41990b73e2f47b46706eb422a6b8\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-21-3707478246-1993061971-1580713667-1001\$792f41990b73e2f47b46706eb422a6b8\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-18\$792f41990b73e2f47b46706eb422a6b8 (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-21-3707478246-1993061971-1580713667-1001\$792f41990b73e2f47b46706eb422a6b8 (Trojan.Siredef.C) -> Delete on reboot.
 
Files Detected: 2
c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#6 Depraved


Posted 01 August 2013 - 11:39 PM

I can't post the system log for mbar; I get a message saying "you do not have permission for that action" when I click post. I'm going to move on to ComboFix in the meantime.


#7 Depraved


Posted 01 August 2013 - 11:55 PM

ComboFix 13-08-01.01 - Sammi 01/08/2013  21:42:01.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8086.6154 [GMT -7:00]
Running from: c:\users\Sammi\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6280\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\Roaming
c:\users\Sammi\AppData\Roaming\.#
c:\windows\SysWOW64\D3DX9_400.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-02 to 2013-08-02  )))))))))))))))))))))))))))))))
.
.
2013-08-02 04:47 . 2013-08-02 04:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-02 04:47 . 2013-08-02 04:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-02 04:47 . 2013-08-02 04:47 -------- d-----w- c:\users\Mcx1-SAMMI-PC\AppData\Local\temp
2013-08-02 04:47 . 2013-08-02 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-02 04:47 . 2013-08-02 04:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-08-01 19:20 . 2013-08-01 19:20 -------- d-----w- c:\programdata\Fenomen Games
2013-08-01 19:20 . 2013-08-01 19:20 -------- d-----w- c:\program files (x86)\Lamp of Aladdin
2013-07-31 17:16 . 2013-07-31 17:16 -------- d--h--w- c:\programdata\CanonBJ
2013-07-31 17:16 . 2009-07-14 01:40 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2013-07-31 15:53 . 2013-07-31 15:53 -------- d-----w- c:\users\Sammi\AppData\Roaming\Palaplay
2013-07-31 15:06 . 2013-07-31 15:06 -------- d-----w- c:\users\Sammi\AppData\Roaming\Python-Eggs
2013-07-31 15:06 . 2013-07-31 15:43 -------- d-----w- c:\users\Sammi\AppData\Roaming\BitLord
2013-07-31 15:05 . 2013-07-31 15:30 -------- d-----w- c:\program files (x86)\BitLord 2
2013-07-31 15:05 . 2013-07-31 15:05 -------- d-----w- c:\windows\SysWow64\Extensions
2013-07-31 15:05 . 2013-07-31 15:05 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-07-31 15:05 . 2013-07-31 15:05 -------- d-----w- c:\programdata\BrowserDefender
2013-07-31 15:05 . 2013-07-31 15:05 -------- d-----w- c:\users\Sammi\AppData\Roaming\Babylon
2013-07-31 15:05 . 2013-07-31 15:05 -------- d-----w- c:\programdata\Babylon
2013-07-31 06:05 . 2013-07-31 15:51 -------- d-----w- c:\program files (x86)\Runtime Software
2013-07-29 02:26 . 2013-07-29 02:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-07-24 05:55 . 2013-07-24 06:27 -------- d-----w- c:\programdata\Artist Colony
2013-07-24 05:55 . 2013-07-24 05:55 -------- d-----w- c:\users\Sammi\AppData\Local\Artist Colony
2013-07-22 00:18 . 2013-07-22 00:18 -------- d-----w- c:\users\Sammi\AppData\Roaming\Stand O'Food 3
2013-07-21 21:32 . 2013-07-21 21:32 -------- d-----w- C:\e90942a14ac551ff4a4d
2013-07-21 17:38 . 2013-07-21 17:39 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-07-21 17:21 . 2013-07-21 17:42 -------- d-----w- C:\dacd1b4375d89bc20028c7
2013-07-21 08:04 . 2013-07-21 08:04 -------- d-----w- c:\users\Sammi\AppData\Roaming\Roxio Log Files
2013-07-21 07:54 . 2013-07-21 07:54 -------- d-----w- c:\users\Sammi\AppData\Local\Programs
2013-07-20 14:55 . 2013-07-20 14:55 -------- d-----w- c:\users\Sammi\AppData\Roaming\Elephant Games
2013-07-20 14:47 . 2013-07-21 22:02 -------- d-----w- c:\windows\Mystery Trackers 5 - Silent Hollow Collector's Edition
2013-07-16 10:00 . 2013-07-16 10:04 -------- d-----w- c:\windows\system32\MRT
2013-07-15 19:26 . 2013-07-15 19:26 -------- d-----r- C:\MSOCache
2013-07-15 04:10 . 2013-07-15 04:10 -------- d-----w- c:\users\Sammi\AppData\Roaming\AlawarEntertainment
2013-07-15 04:03 . 2013-07-15 04:03 -------- d-----w- c:\windows\Stray Souls 2 - Stolen Memories Collector's Edition
2013-07-13 18:09 . 2013-07-13 18:10 -------- d-----w- c:\users\Sammi\AppData\Local\Chronicles of Albian 2
2013-07-13 18:07 . 2013-07-21 22:02 -------- d-----w- c:\windows\SysWow64\3056
2013-07-12 02:08 . 2013-07-12 02:08 -------- d-----w- c:\users\Sammi\AppData\Roaming\Eipix
2013-07-12 02:02 . 2013-07-15 04:07 -------- d-----w- c:\program files (x86)\Chronicles of Albian 2 - The Wizbury School of Magic
2013-07-12 02:02 . 2013-07-13 18:07 -------- d-----w- c:\windows\SysWow64\3055
2013-07-12 01:57 . 2013-07-12 01:57 -------- d-----w- c:\windows\Final Cut 2 - Encore Collector's Edition
2013-07-10 22:57 . 2013-07-10 22:57 -------- d-----w- c:\users\Sammi\AppData\Roaming\Nekobolt
2013-07-10 22:54 . 2013-07-10 22:54 -------- d-----w- c:\program files (x86)\Baking Success
2013-07-10 22:54 . 2013-07-10 22:54 -------- d-----w- c:\windows\Baking Success
2013-07-10 22:54 . 2013-07-12 02:02 -------- d-----w- c:\windows\SysWow64\3054
2013-07-10 22:31 . 2013-07-10 22:31 -------- d-----w- c:\users\Sammi\AppData\Roaming\SerpentOfIsis
2013-07-10 07:19 . 2013-04-10 05:45 1545728 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 07:19 . 2013-04-10 05:02 1077760 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 07:19 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 07:19 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 07:19 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 07:19 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 07:18 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 07:18 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 07:18 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 07:18 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 07:18 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:18 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-08 20:41 . 2013-07-08 20:41 -------- d-----w- c:\users\Sammi\AppData\Local\FairyIsland
2013-07-08 20:40 . 2013-07-08 20:40 -------- d-----w- c:\windows\Fairy Island
2013-07-07 20:22 . 2013-07-07 20:22 -------- d-----w- c:\program files (x86)\Burger Island 2
2013-07-07 20:22 . 2013-07-07 20:22 -------- d-----w- c:\windows\Burger Island 2
2013-07-07 05:30 . 2013-07-07 05:30 -------- d-----w- c:\users\Sammi\AppData\Roaming\Sarah's Emergency Hospital
2013-07-07 05:30 . 2013-07-07 05:30 -------- d-----w- c:\windows\Emergency Hospital
2013-07-07 05:15 . 2013-07-07 05:15 -------- d-----w- c:\programdata\rionix
2013-07-07 05:15 . 2013-07-07 05:15 -------- d-----w- c:\program files (x86)\Tropical Farm
2013-07-07 05:15 . 2013-07-07 05:15 -------- d-----w- c:\windows\Tropical Farm
2013-07-07 02:57 . 2013-07-07 02:57 -------- d-----w- c:\windows\Cinema Tycoon 2  Movie Mania
2013-07-05 05:38 . 2013-07-05 05:38 -------- d-----w- c:\users\Sammi\AppData\Roaming\Jane s Hotel  Family Hero
2013-07-05 05:37 . 2013-07-05 05:37 -------- d-----w- c:\users\Sammi\AppData\Roaming\CasualForge
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 07:34 . 2012-04-06 05:22 692104 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-21 07:34 . 2011-09-22 21:07 71048 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-20 14:49 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2013-06-24 07:57 . 2011-10-15 09:56 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-19 19:22 . 2012-07-09 23:04 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-19 19:22 . 2011-09-22 21:16 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-12 09:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 09:00 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 09:00 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 09:00 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 09:00 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 09:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 09:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 09:00 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:00 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 09:00 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 09:01 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 09:01 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 09:01 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-06-29 5622512]
"Facebook Update"="c:\users\Sammi\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-04 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 nnllnaqz;nnllnaqz;c:\windows\system32\drivers\nnllnaqz.sys;c:\windows\SYSNATIVE\drivers\nnllnaqz.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys;c:\windows\SYSNATIVE\DRIVERS\cyhid.sys [x]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cykbfltr.sys [x]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cymfltr.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usb3Hub;Intel UoIP Bus;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 XHCIPort;Intel UoIP Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 17:39 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 07:34]
.
2013-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3707478246-1993061971-1580713667-1001Core.job
- c:\users\Sammi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-27 01:44]
.
2013-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3707478246-1993061971-1580713667-1001UA.job
- c:\users\Sammi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-27 01:44]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 18:58]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 18:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-05-20 2352640]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-05-26 2356224]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-26 7214696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E35337F&affID=119357&tsp=4960
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{390C7E87-153C-12DB-2EA6-0BB301EB26E9} - c:\windows\SysWOW64\D3DX9_400.dll
BHO-{491C440D-305E-0124-0099-0F3E390C7E87} - (no file)
Toolbar-Locked - (no file)
SafeBoot-MsMpSvc
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{2C41B757-F5D0-44F9-A206-EEB9CD973927}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\Service Center Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-08-01  21:51:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-02 04:51
ComboFix2.txt  2013-05-26 04:50
ComboFix3.txt  2013-05-26 00:17
ComboFix4.txt  2012-11-28 22:22
.
Pre-Run: 259,425,185,792 bytes free
Post-Run: 259,086,200,832 bytes free
.
- - End Of File - - CB34AAB0CDA58780A9AA5EA2FFB8B6F5
D41D8CD98F00B204E9800998ECF8427E


#8 Depraved


Posted 02 August 2013 - 12:01 AM

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#9 D-FRED-BROWN


Posted 02 August 2013 - 12:10 PM

We're making progress.

----------Step 1----------------
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 5----------------
Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.



#10 Depraved


Posted 02 August 2013 - 02:13 PM

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 10:15:40
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sammi - SAMMI-PC
# Boot Mode : Normal
# Running from : C:\Users\Sammi\Downloads\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserDefender
Folder Found : C:\Users\Sammi\AppData\Roaming\Babylon
Folder Found : C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
 
***** [Registry] *****
 
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\9edadcb33dea49
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\9edadcb33dea49
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16496
 
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E35337F&affID=119357&tsp=4960
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E35337F&affID=119357&tsp=4960
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.2386] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E35337F&affID=119357&tsp=4960",
Found [l.3059] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E35337F&affID=119357&tsp=4960" ]
 
-\\ Opera v [Unable to get version]
 
File : C:\Users\Sammi\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [3908 octets] - [02/08/2013 10:15:40]
 
########## EOF - C:\AdwCleaner[R1].txt - [3968 octets] ##########
 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sammi on 02/08/2013 at 10:16:25.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3707478246-1993061971-1580713667-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\babsolution
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry] HKEY_CURRENT_USER\Software\installcore
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Sammi\appdata\local\Google\Chrome\User Data\Default\bProtector Web Data"
Successfully deleted: [File] "C:\Users\Sammi\appdata\local\Google\Chrome\User Data\Default\bprotectorpreferences"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browserdefender"
Successfully deleted: [Folder] "C:\Users\Sammi\AppData\Roaming\babylon"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/08/2013 at 10:20:08.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

OTL logfile created on: 8/2/2013 10:21:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sammi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.76% Memory free
15.79 Gb Paging File | 13.22 Gb Available in Paging File | 83.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 240.70 Gb Free Space | 35.45% Space Free | Partition Type: NTFS
 
Computer Name: SAMMI-PC | User Name: Sammi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/02 10:15:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sammi\Downloads\OTL.exe
PRC - [2013/07/24 17:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/12 19:29:30 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/01 10:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/10/18 12:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 12:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/10/18 12:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/18 12:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/16 15:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/20 16:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 16:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 08:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/26 03:10:11 | 002,691,536 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013/07/24 17:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 17:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 17:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 17:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 17:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/10 03:33:53 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\571f0babf15ab38dc80829622caa99d3\IAStorCommon.ni.dll
MOD - [2013/07/10 03:33:52 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1773f7168685423c144d14727e45be6f\IAStorUtil.ni.dll
MOD - [2013/07/10 03:29:32 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2c5c86bb5156ff508ca8045aff50a482\System.Core.ni.dll
MOD - [2013/07/10 03:29:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 03:29:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/10 03:29:12 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013/07/10 03:29:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/10 03:29:00 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/10 03:28:58 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013/07/10 03:28:51 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/10 03:28:47 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/10 03:28:45 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/10 03:28:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/10 03:28:40 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/11/01 10:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/01 10:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/12/17 08:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/18 18:15:18 | 003,388,144 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/04/18 18:14:58 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/04/18 18:14:46 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/04/18 18:14:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/04/11 02:12:50 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/09/12 18:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/09/10 08:28:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/11/29 13:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/21 00:34:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/03 08:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/14 16:59:52 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/08/01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/29 17:45:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/18 12:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 12:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 12:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/20 16:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 16:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/18 07:31:40 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/04/11 02:13:08 | 000,164,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2013/04/11 02:13:08 | 000,164,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/01/28 17:48:16 | 000,194,456 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2013/01/28 17:48:16 | 000,048,024 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2013/01/28 17:48:16 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/01/28 17:48:16 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/03 08:47:14 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/12/03 08:47:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 08:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/03/09 03:31:15 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 03:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/10 23:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/01/09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/01/09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/01/09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/01/09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/01/09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/10/11 14:08:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 17:43:16 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/22 15:55:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/22 15:55:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/13 17:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/09/13 17:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/08/29 17:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/07 08:16:56 | 000,108,032 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cyhid.sys -- (cyhid)
DRV:64bit: - [2011/05/25 18:44:48 | 000,011,264 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cykbfltr.sys -- (cykbfltrService)
DRV:64bit: - [2011/05/22 14:05:02 | 000,070,656 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cymfltr.sys -- (cymfltrService)
DRV:64bit: - [2011/05/17 07:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/03/07 13:52:24 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/20 09:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/27 20:15:56 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/11/29 13:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/10 18:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 17:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/06/14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/06/14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{157857FD-6652-4579-B906-C06110EE2790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{157857FD-6652-4579-B906-C06110EE2790}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E35337F&affID=119357&tsp=4960
IE - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\..\SearchScopes,DefaultScope = {157857FD-6652-4579-B906-C06110EE2790}
IE - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sammi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sammi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/04 01:29:45 | 000,000,000 | ---D | M]
 
[2012/08/12 07:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sammi\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/25 08:17:24 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Sammi\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/12 07:19:39 | 000,000,000 | ---D | M] (BitTorrentControl_v12 Community Toolbar) -- C:\Users\Sammi\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2012/05/24 11:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sammi\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/05/24 11:16:37 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\Sammi\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi
[2013/07/31 08:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Sammi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Sammi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Into The Mist = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/01 21:48:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\D3DX9_400.dll File not found
O2 - BHO: (no name) - {491C440D-305E-0124-0099-0F3E390C7E87} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001..\Run: [Facebook Update] C:\Users\Sammi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk =  File not found
O4 - Startup: C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3707478246-1993061971-1580713667-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292D15AA-00AB-4CB8-9BFA-CAD18F841AA8}: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E6676B-6D97-472C-809D-2FA4F3471A67}: DhcpNameServer = 64.59.144.17 64.59.150.133
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/01 23:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/08/01 21:51:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/01 12:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games
[2013/08/01 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lamp of Aladdin
[2013/08/01 12:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lamp of Aladdin
[2013/07/31 10:16:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/07/31 08:53:45 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Palaplay
[2013/07/31 08:06:21 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Python-Eggs
[2013/07/31 08:06:18 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\BitLord
[2013/07/31 08:06:00 | 000,000,000 | ---D | C] -- C:\Users\Sammi\Documents\BitLord
[2013/07/31 08:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/31 08:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitLord 2
[2013/07/31 08:05:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/07/31 08:05:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/07/31 08:05:52 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/07/31 08:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/07/30 23:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2013/07/30 15:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/28 22:38:43 | 000,000,000 | ---D | C] -- C:\Users\Sammi\Documents\mbar-1.06.0.1004
[2013/07/23 22:55:39 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Local\Artist Colony
[2013/07/23 22:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Artist Colony
[2013/07/21 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Stand O'Food 3
[2013/07/21 14:32:16 | 000,000,000 | ---D | C] -- C:\e90942a14ac551ff4a4d
[2013/07/21 10:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/07/21 10:21:06 | 000,000,000 | ---D | C] -- C:\dacd1b4375d89bc20028c7
[2013/07/21 01:04:25 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Roxio Log Files
[2013/07/21 00:54:10 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Local\Programs
[2013/07/20 07:55:51 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Elephant Games
[2013/07/20 07:47:19 | 000,000,000 | ---D | C] -- C:\Windows\Mystery Trackers 5 - Silent Hollow Collector's Edition
[2013/07/16 03:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/15 12:26:34 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013/07/14 21:10:13 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\AlawarEntertainment
[2013/07/14 21:03:04 | 000,000,000 | ---D | C] -- C:\Windows\Stray Souls 2 - Stolen Memories Collector's Edition
[2013/07/13 11:09:56 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Local\Chronicles of Albian 2
[2013/07/13 11:07:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3056
[2013/07/11 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Eipix
[2013/07/11 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chronicles of Albian 2 - The Wizbury School of Magic
[2013/07/11 19:02:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3055
[2013/07/11 18:57:53 | 000,000,000 | ---D | C] -- C:\Windows\Final Cut 2 - Encore Collector's Edition
[2013/07/10 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Nekobolt
[2013/07/10 15:54:38 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baking Success
[2013/07/10 15:54:29 | 000,000,000 | ---D | C] -- C:\Windows\Baking Success
[2013/07/10 15:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baking Success
[2013/07/10 15:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3054
[2013/07/10 15:31:48 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\SerpentOfIsis
[2013/07/10 03:02:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/10 03:02:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/10 03:02:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 03:02:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/10 03:02:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/10 03:02:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 03:02:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/10 03:02:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/10 03:02:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/10 03:02:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/10 03:02:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 03:02:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 03:02:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 03:02:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 03:02:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/10 00:19:34 | 001,545,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 00:19:13 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 00:19:13 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 00:19:12 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 00:19:12 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/08 13:41:01 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Local\FairyIsland
[2013/07/08 13:40:42 | 000,000,000 | ---D | C] -- C:\Windows\Fairy Island
[2013/07/07 13:22:20 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Island 2
[2013/07/07 13:22:10 | 000,000,000 | ---D | C] -- C:\Windows\Burger Island 2
[2013/07/07 13:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Burger Island 2
[2013/07/06 22:30:29 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Sarah's Emergency Hospital
[2013/07/06 22:30:00 | 000,000,000 | ---D | C] -- C:\Windows\Emergency Hospital
[2013/07/06 22:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix
[2013/07/06 22:15:29 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tropical Farm
[2013/07/06 22:15:26 | 000,000,000 | ---D | C] -- C:\Windows\Tropical Farm
[2013/07/06 22:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tropical Farm
[2013/07/06 19:57:09 | 000,000,000 | ---D | C] -- C:\Windows\Cinema Tycoon 2  Movie Mania
[2013/07/04 22:38:59 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\Jane s Hotel  Family Hero
[2013/07/04 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Sammi\AppData\Roaming\CasualForge
[2013/07/04 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PlayfulAge
[2012/03/09 03:31:15 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Sammi\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2013/08/02 10:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/02 09:49:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3707478246-1993061971-1580713667-1001UA.job
[2013/08/02 09:34:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/02 03:00:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/01 23:12:50 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/01 22:00:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/01 22:00:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/01 21:57:25 | 000,780,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/01 21:57:25 | 000,665,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/01 21:57:25 | 000,125,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/01 21:53:36 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/01 21:53:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/08/01 21:53:01 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/01 21:48:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/01 21:39:38 | 005,097,176 | R--- | M] (Swearware) -- C:\Users\Sammi\Desktop\ComboFix.exe
[2013/08/01 19:13:46 | 000,004,261 | ---- | M] () -- C:\Users\Sammi\Documents\Document.rtf
[2013/08/01 18:49:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3707478246-1993061971-1580713667-1001Core.job
[2013/07/31 10:40:13 | 000,002,285 | ---- | M] () -- C:\Users\Sammi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/31 10:40:13 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/31 08:43:00 | 000,000,218 | ---- | M] () -- C:\Users\Sammi\AppData\Local\recently-used.xbel
[2013/07/30 23:08:23 | 004,405,267 | ---- | M] () -- C:\Drive_C.dat
[2013/07/30 23:08:23 | 000,341,407 | ---- | M] () -- C:\Drive_C.xml
[2013/07/23 22:55:33 | 000,002,088 | ---- | M] () -- C:\Users\Sammi\Desktop\Artist Colony.lnk
[2013/07/21 15:04:18 | 000,283,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/21 11:13:38 | 000,138,846 | ---- | M] () -- C:\Users\Sammi\Documents\cc_20120816_165430.reg
[2013/07/21 00:34:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/21 00:34:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/20 07:49:11 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2013/07/10 15:54:38 | 000,001,959 | ---- | M] () -- C:\Users\Sammi\Desktop\Baking Success.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2013/08/01 19:13:46 | 000,004,261 | ---- | C] () -- C:\Users\Sammi\Documents\Document.rtf
[2013/07/31 10:39:06 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/31 08:43:00 | 000,000,218 | ---- | C] () -- C:\Users\Sammi\AppData\Local\recently-used.xbel
[2013/07/30 23:08:19 | 004,405,267 | ---- | C] () -- C:\Drive_C.dat
[2013/07/30 23:08:19 | 000,341,407 | ---- | C] () -- C:\Drive_C.xml
[2013/07/23 22:55:33 | 000,002,088 | ---- | C] () -- C:\Users\Sammi\Desktop\Artist Colony.lnk
[2013/07/10 15:54:38 | 000,001,959 | ---- | C] () -- C:\Users\Sammi\Desktop\Baking Success.lnk
[2013/07/06 00:06:35 | 000,002,150 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/06/28 20:46:34 | 000,033,767 | ---- | C] () -- C:\Users\Sammi\AppData\Local\WiDiSetupLog.20130628.204634.wdl
[2013/05/25 16:52:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/25 16:52:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/25 16:52:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/25 16:52:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/25 16:52:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/10 02:36:26 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/02/09 04:43:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013/02/08 02:54:47 | 000,007,603 | ---- | C] () -- C:\Users\Sammi\AppData\Local\Resmon.ResmonCfg
[2013/02/02 14:41:48 | 000,000,023 | ---- | C] () -- C:\Users\Sammi\jagexappletviewer.preferences
[2012/08/26 13:09:04 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/08/26 13:09:03 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012/08/14 15:41:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/24 20:05:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/03/09 03:31:15 | 000,007,859 | ---- | C] () -- C:\Users\Sammi\AppData\Roaming\pcouffin.cat
[2012/03/09 03:31:15 | 000,001,167 | ---- | C] () -- C:\Users\Sammi\AppData\Roaming\pcouffin.inf
[2012/02/19 18:14:31 | 000,000,032 | ---- | C] () -- C:\Users\Sammi\jagex_cl_runescape_LIVE.dat
[2011/11/18 20:59:23 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\D3DX9_411.dll
[2011/11/18 20:57:30 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\d3ddx10_34.dll
[2011/11/10 01:08:29 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\D3DX9_422.dll
[2011/10/11 00:30:14 | 000,000,129 | ---- | C] () -- C:\Users\Sammi\jagex_runescape_preferences2.dat
[2011/10/11 00:28:52 | 000,000,035 | ---- | C] () -- C:\Users\Sammi\jagex_runescape_preferences.dat
[2011/10/06 18:42:49 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\devrtll.dll
[2011/10/05 19:18:24 | 000,028,160 | ---- | C] () -- C:\Users\Sammi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/22 15:42:15 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/09/22 15:42:13 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/09/22 15:42:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:2B4E9D93
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:5C581A78
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0ADCCF52
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:A636021B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:6E1F359F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DA6732F9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:274516E7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:993185CB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:768611C5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:10698F4B
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9026EFD0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:183A9046
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:E412AAF2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:FFD38FD9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:8AB2162E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:B1FBA7E1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:375FC7E7
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:57EE48CA
 
< End of report >
 

 

 

 

 

OTL Extras logfile created on: 8/2/2013 10:21:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sammi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.76% Memory free
15.79 Gb Paging File | 13.22 Gb Available in Paging File | 83.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 240.70 Gb Free Space | 35.45% Space Free | Partition Type: NTFS
 
Computer Name: SAMMI-PC | User Name: Sammi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3707478246-1993061971-1580713667-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040681F1-24C6-4D8A-AA4B-696B526C781C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0B66B416-75B4-454E-8536-23A99F478D04}" = rport=445 | protocol=6 | dir=out | app=system | 
"{309FFE68-B9A2-45CC-97A6-FEC2E9F912FD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{32D87576-9B5E-4076-8534-3AB8AF9D1453}" = lport=139 | protocol=6 | dir=in | app=system | 
"{392F3D06-14A9-4BA3-8E4A-2A016C94A3FB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3A2741F5-E9A4-4E4C-BD64-18AE1D3A37E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70CD902F-6DDC-4A7B-97B7-93AE3E10AECD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{92B761C2-904A-4B5F-8CA7-7D9D0F1A94AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9D38ED25-086C-4F3A-AD04-07B79BCF8EA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AFA42D6C-4E12-43A3-9522-0D9D3EA31EAA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C34B818A-A782-4C3A-A1A5-7431491E0399}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C525D85D-A0AC-4C3A-853F-C6A38112743D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7051252-1C82-4ADF-98C1-419AABA1AB39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F98A38D5-0412-486C-B5B4-4DC44C799C73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FCE80FB-5822-4A12-9D30-11306398BAED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3C472402-9A65-4349-A62D-7ACF7FA5F24F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{62E3F731-6C87-4D80-84C8-826E27D0921F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7A981C48-CB2F-4B27-B319-DC33F7FF6E87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2A706594-A86E-45C3-BC2E-5EAF3498233B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{73B2495B-755D-4DB2-8314-DA108DA11DA6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EA644B59-2E06-4B54-AE12-C7CA7D9A1757}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"UDP Query User{703211F1-AFF0-4513-81D8-4C71402DCF5C}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{B299EDDB-CB84-457C-9FD7-1121408BF74A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D61490AC-4A2D-4E5E-9EC1-83618771CBA7}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EAE3FBF-E39F-4B65-ACEE-560A16CD1F44}" = Intel® PROSet/Wireless WiFi Software Driver
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62E7C369-64FF-452C-8F46-6BE9B77FF097}" = Intel® WiDi
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B0169FD6-8590-451E-AEFF-A6253C0A850C}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.70
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E7EBB2A5-8C76-4C16-95A3-2FC74BEDE270}" = Intel® PROSet/Wireless WiFi Software
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PC-Doctor for Windows" = My Dell
"WinRAR archiver" = WinRAR 4.10 beta 1 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E80496-C446-4389-B4F2-CC46DF704A7F}" = Terrafirma
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89704656-98FA-4EB0-9CC9-9C9839255FA0}" = Intel® Update Manager
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0E36B69-687C-43B3-93BA-5E4B6E531023}_is1" = RAMMon V1.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e6d17d96-ddaa-476f-bb07-db601024ffb1}" = Intel® PROSet/Wireless Software
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBECAB0B-4522-4C93-AF26-0DAD29AE3578}" = Pet Store Panic
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Artist Colony 1.00" = Artist Colony 1.00
"Baking SuccessFinal" = Baking Success
"Burger Island 21.0.1" = Burger Island 2
"Burger Shop1.0" = Burger Shop
"Cooking Dash 2 DinerTown Studios 1.00" = Cooking Dash 2 DinerTown Studios 1.00
"Dell Webcam Central" = Dell Webcam Central
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"Escape From Paradise 2 - A Kingdom's Quest 1.00" = Escape From Paradise 2 - A Kingdom's Quest 1.00
"Farm for your Life" = Farm for your Life
"Gemini Lost1.0.0.125" = Gemini Lost
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"Jack of all Tribes 1.00" = Jack of all Tribes 1.00
"Lamp of Aladdin" = Lamp of Aladdin
"Magic Farm Ultimate Flower 1.00" = Magic Farm Ultimate Flower 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Pet Shop Hop1.0" = Pet Shop Hop
"Plant Tycoon_is1" = Plant Tycoon
"Sally's Studio Collector's Edition 1.00" = Sally's Studio Collector's Edition 1.00
"Shop it Up 1.00" = Shop it Up 1.00
"Supermarket Mania 2 1.00" = Supermarket Mania 2 1.00
"The Fifth Gate ." = The Fifth Gate .
"The Sims Medieval.v 1.0.286.00001_is1" = The Sims Medieval.v 1.0.286.00001
"Tropical Farm1.01" = Tropical Farm
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3707478246-1993061971-1580713667-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"UnityWebPlayer" = Unity Web Player
 
< End of report >
 
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllitycpl.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibillllllllitycpl.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllllitycpl.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibillllllllllitycpl.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllllllitycpl.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\d3ddim700.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\d3ddx10_34.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\davhlprr.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\dbnmpntww.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\shacctt.dll Win32/BHO.OEY trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\shfoldeer.dll Win32/BHO.OEY trojan
C:\Users\Sammi\Documents\The.Best.of.Big.Fish.Games.(Until.2010).Pack-FG\HOG Games\Shiver 3 - Moonlit Grove Collector's Edition\data\vcredist_x86.exe a variant of Win32/Injector.AFXR trojan
C:\Users\Sammi\Documents\The.Best.of.Big.Fish.Games.(Until.2010).Pack-FG\PC. GAMES FOR KIDS\Dora the Explorer - Swiper's Big Adventure!\Dora the Explorer - Swiper's Big Adventure!\Swiper.exe a variant of Win32/TrojanDropper.Small.NLJ trojan
C:\Windows\System32\accessibilllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\System32\accessibillllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\System32\accessibilllllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\System32\accessibillllllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\System32\accessibilllllllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\System32\d3ddim700.dll Win32/BHO.OEY trojan
C:\Windows\System32\d3ddx10_34.dll Win32/BHO.OEY trojan
C:\Windows\System32\davhlprr.dll Win32/BHO.OEY trojan
C:\Windows\System32\dbnmpntww.dll Win32/BHO.OEY trojan
C:\Windows\System32\shacctt.dll Win32/BHO.OEY trojan
C:\Windows\System32\shfoldeer.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\accessibilllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\accessibillllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\accessibilllllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\accessibillllllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\accessibilllllllllllitycpl.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\d3ddim700.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\d3ddx10_34.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\davhlprr.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\dbnmpntww.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\shacctt.dll Win32/BHO.OEY trojan
C:\Windows\SysWOW64\shfoldeer.dll Win32/BHO.OEY trojan


#11 Depraved


Posted 02 August 2013 - 02:16 PM

I still can't reinstall Microsoft Security Essentials; the installer will run, start to install, then say it cannot complete the installation, error code: 0x080070643. My computer is running a lot quicker and smoother now though.



#12 D-FRED-BROWN

  • Malware Response Team

Posted 02 August 2013 - 03:25 PM

Run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

(Just run fixdamage.exe)

 

Are you able to install MSE now?



#13 Depraved


Posted 02 August 2013 - 04:47 PM

It's still giving me the same error after running the fixdamage.



#14 D-FRED-BROWN

  • Malware Response Team

Posted 02 August 2013 - 04:54 PM

Okay we'll skip it for now and come back to it later.

 

----------Step 1----------------
We need to run an OTL Fix

  • Please reopen OTL (the otlicon.png icon) on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox (customscanfix.png).

     

    :OTL
    @Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:2B4E9D93
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:5C581A78
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0ADCCF52
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:A636021B
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:6E1F359F
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DA6732F9
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:274516E7
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:993185CB
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:768611C5
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:10698F4B
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:9026EFD0
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:183A9046
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4C3D5A8B
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:E412AAF2
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:FFD38FD9
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:8AB2162E
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:B1FBA7E1
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:375FC7E7
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:57EE48CA
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


    :Files
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllitycpl.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibillllllllitycpl.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllllitycpl.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibillllllllllitycpl.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllllllitycpl.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\d3ddim700.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\d3ddx10_34.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\davhlprr.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\dbnmpntww.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\shacctt.dll
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\shfoldeer.dll
    C:\Users\Sammi\Documents\The.Best.of.Big.Fish.Games.(Until.2010).Pack-FG\HOG Games\Shiver 3 - Moonlit Grove Collector's Edition\data\vcredist_x86.exe
    C:\Users\Sammi\Documents\The.Best.of.Big.Fish.Games.(Until.2010).Pack-FG\PC. GAMES FOR KIDS\Dora the Explorer - Swiper's Big Adventure!\Dora the Explorer - Swiper's Big Adventure!\Swiper.exe
    C:\Windows\System32\accessibilllllllitycpl.dll
    C:\Windows\System32\accessibillllllllitycpl.dll
    C:\Windows\System32\accessibilllllllllitycpl.dll
    C:\Windows\System32\accessibillllllllllitycpl.dll
    C:\Windows\System32\accessibilllllllllllitycpl.dll
    C:\Windows\System32\d3ddim700.dll
    C:\Windows\System32\d3ddx10_34.dll
    C:\Windows\System32\davhlprr.dll
    C:\Windows\System32\dbnmpntww.dll
    C:\Windows\System32\shacctt.dll
    C:\Windows\System32\shfoldeer.dll
    C:\Windows\SysWOW64\accessibilllllllitycpl.dll
    C:\Windows\SysWOW64\accessibillllllllitycpl.dll
    C:\Windows\SysWOW64\accessibilllllllllitycpl.dll
    C:\Windows\SysWOW64\accessibillllllllllitycpl.dll
    C:\Windows\SysWOW64\accessibilllllllllllitycpl.dll
    C:\Windows\SysWOW64\d3ddim700.dll
    C:\Windows\SysWOW64\d3ddx10_34.dll
    C:\Windows\SysWOW64\davhlprr.dll
    C:\Windows\SysWOW64\dbnmpntww.dll
    C:\Windows\SysWOW64\shacctt.dll
    C:\Windows\SysWOW64\shfoldeer.dll
     

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------
Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------
Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


Edited by D-FRED-BROWN, 02 August 2013 - 04:54 PM.


#15 Depraved

Depraved
  • Topic Starter

  • Members
  • 78 posts

Posted 02 August 2013 - 05:39 PM

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:2B4E9D93 deleted successfully.
ADS C:\ProgramData\Temp:5C581A78 deleted successfully.
ADS C:\ProgramData\Temp:0ADCCF52 deleted successfully.
ADS C:\ProgramData\Temp:A636021B deleted successfully.
ADS C:\ProgramData\Temp:6E1F359F deleted successfully.
ADS C:\ProgramData\Temp:DA6732F9 deleted successfully.
ADS C:\ProgramData\Temp:274516E7 deleted successfully.
ADS C:\ProgramData\Temp:993185CB deleted successfully.
ADS C:\ProgramData\Temp:768611C5 deleted successfully.
ADS C:\ProgramData\Temp:10698F4B deleted successfully.
ADS C:\ProgramData\Temp:9026EFD0 deleted successfully.
ADS C:\ProgramData\Temp:183A9046 deleted successfully.
ADS C:\ProgramData\Temp:4C3D5A8B deleted successfully.
ADS C:\ProgramData\Temp:E412AAF2 deleted successfully.
ADS C:\ProgramData\Temp:FFD38FD9 deleted successfully.
ADS C:\ProgramData\Temp:8AB2162E deleted successfully.
ADS C:\ProgramData\Temp:B1FBA7E1 deleted successfully.
ADS C:\ProgramData\Temp:375FC7E7 deleted successfully.
ADS C:\ProgramData\Temp:57EE48CA deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== FILES ==========
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllitycpl.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibillllllllitycpl.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllllitycpl.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibillllllllllitycpl.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\accessibilllllllllllitycpl.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\d3ddim700.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\d3ddx10_34.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\davhlprr.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\dbnmpntww.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\shacctt.dll moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\shfoldeer.dll moved successfully.
C:\Users\Sammi\Documents\The.Best.of.Big.Fish.Games.(Until.2010).Pack-FG\HOG Games\Shiver 3 - Moonlit Grove Collector's Edition\data\vcredist_x86.exe moved successfully.
C:\Users\Sammi\Documents\The.Best.of.Big.Fish.Games.(Until.2010).Pack-FG\PC. GAMES FOR KIDS\Dora the Explorer - Swiper's Big Adventure!\Dora the Explorer - Swiper's Big Adventure!\Swiper.exe moved successfully.
C:\Windows\System32\accessibilllllllitycpl.dll moved successfully.
C:\Windows\System32\accessibillllllllitycpl.dll moved successfully.
C:\Windows\System32\accessibilllllllllitycpl.dll moved successfully.
C:\Windows\System32\accessibillllllllllitycpl.dll moved successfully.
C:\Windows\System32\accessibilllllllllllitycpl.dll moved successfully.
C:\Windows\System32\d3ddim700.dll moved successfully.
C:\Windows\System32\d3ddx10_34.dll moved successfully.
C:\Windows\System32\davhlprr.dll moved successfully.
C:\Windows\System32\dbnmpntww.dll moved successfully.
C:\Windows\System32\shacctt.dll moved successfully.
C:\Windows\System32\shfoldeer.dll moved successfully.
File\Folder C:\Windows\SysWOW64\accessibilllllllitycpl.dll not found.
File\Folder C:\Windows\SysWOW64\accessibillllllllitycpl.dll not found.
File\Folder C:\Windows\SysWOW64\accessibilllllllllitycpl.dll not found.
File\Folder C:\Windows\SysWOW64\accessibillllllllllitycpl.dll not found.
File\Folder C:\Windows\SysWOW64\accessibilllllllllllitycpl.dll not found.
File\Folder C:\Windows\SysWOW64\d3ddim700.dll not found.
File\Folder C:\Windows\SysWOW64\d3ddx10_34.dll not found.
File\Folder C:\Windows\SysWOW64\davhlprr.dll not found.
File\Folder C:\Windows\SysWOW64\dbnmpntww.dll not found.
File\Folder C:\Windows\SysWOW64\shacctt.dll not found.
File\Folder C:\Windows\SysWOW64\shfoldeer.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1-SAMMI-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sammi
->Temp folder emptied: 1296568 bytes
->Temporary Internet Files folder emptied: 149816 bytes
->Java cache emptied: 451681 bytes
->Google Chrome cache emptied: 481403653 bytes
->Flash cache emptied: 120827 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18425891 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 212728498 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 1080 bytes
 
Total Files Cleaned = 681.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Mcx1-SAMMI-PC
 
User: Public
 
User: Sammi
->Java cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Mcx1-SAMMI-PC
 
User: Public
 
User: Sammi
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08022013_153253
 
Files\Folders moved on Reboot...
C:\Users\Sammi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

 

 

 

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 15:36:13
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sammi - SAMMI-PC
# Boot Mode : Normal
# Running from : C:\Users\Sammi\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Users\Sammi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\9edadcb33dea49
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\9edadcb33dea49
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16496
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\Sammi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2390] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E35337F&affID=119357&tsp=[...]
Deleted [l.3121] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B84588532E3[...]
 
-\\ Opera v [Unable to get version]
 
File : C:\Users\Sammi\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [4027 octets] - [02/08/2013 10:15:40]
AdwCleaner[S2].txt - [2876 octets] - [02/08/2013 15:36:13]
 
########## EOF - C:\AdwCleaner[S2].txt - [2936 octets] ##########




