Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random radio stations playing simultaneously. Malware?


  • This topic is locked This topic is locked
31 replies to this topic

#1 DutchMaster22

DutchMaster22

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 29 January 2014 - 09:45 PM

I have multiple radio stations playing in the background on my pc as soon as it starts up. There are no active applications or processes running that I can see that would cause this. Also no ads running in the background that I can see unless something is running at startup. My computer also restarts itself every few hours and freezes regularly. Sometimes it says my graphics driver stopped unexpectedly but has recovered, but then freezes a few minutes later forcing a restart. Im running on windows 7 home premium and i've tried updating and running my antivirus software (McAfee), malwarebytes and super antispyware. They found a few things but nothing that is causing the radio stations to play. I've also tried autoruns, adwcleaner and junkware removal tool as instructed in this topic:

http://www.bleepingcomputer.com/forums/t/517461/multiple-random-radio-stations-playing/

 

I followed the preparation guide and tried to run DDS but after about 10 min I got a popup saying "You are about to be logged off. Windows must now restart because the plug and play service terminated unexpectedly." So DDS never completed and I was unable to create the logs.


Edited by DutchMaster22, 29 January 2014 - 09:48 PM.


BC AdBot (Login to Remove)

 


m

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 30 January 2014 - 12:24 AM





Hello DutchMaster22

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 DutchMaster22

DutchMaster22
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 30 January 2014 - 07:44 PM

Thank you for helping me out with this :) Here are the logs

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Diz (administrator) on WINDOWS7 on 30-01-2014 19:40:10
Running from C:\Users\Diz\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLA.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Zedge.net) C:\Users\Diz\AppData\Local\Apps\2.0\5ZK1ALKA.AKM\QEPQWWX1.NDG\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Reclusa\razerhid.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\Razer\Reclusa\razertra.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Video\LogiTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Video\FxSvr2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(http://www.emule-project.net) C:\Program Files (x86)\eMule\emule.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Reclusa] - C:\Program Files (x86)\Razer\Reclusa\razerhid.exe [167936 2007-06-18] (Razer USA Ltd.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LogitechVideoRepair] - C:\Program Files (x86)\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
HKLM-x32\...\Run: [LogitechVideoTray] - C:\Program Files (x86)\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [73216 2012-12-24] (RemoteMouse.net)
HKCU\...\Run: [JumiController] - [x]
HKCU\...\Run: [iFunBoxConnector] - C:\Program Files (x86)\iFunbox\ifb_conn.exe [812544 2013-02-10] ()
HKCU\...\Run: [LogitechSoftwareUpdate] - C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe [196608 2005-06-08] (Logitech Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE [283232 2013-10-07] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6503704 2013-12-04] (SUPERAntiSpyware)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [ZedgeToneSync] - C:\Users\Diz\AppData\Local\Apps\2.0\Data\1OON4AJV.9AV\E91H47T5.O3H\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKCU\...\Run: [dvduCERT] - C:\Users\Diz\AppData\Local\Temp\cmddctr.exe [254976 2014-01-21] (S87Vdf4T) <===== ATTENTION
HKU\Mcx1-WINDOWS7\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mcx1-WINDOWS7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sharethefiles.com/forum/viewforum.php?f=67&sid=60231c6a237cd07feacda20036e1115d
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {34050585-AAAA-4B0F-B049-E9E16C809A5C} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {71B270C0-CEC7-449B-8D9D-5F66BCF8312F} URL =
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} http://videoassets.starz.com/wv/installer/WidevineMediaTransformer.exe
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-03] (Adobe Systems)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15768 2012-02-07] (Windows ® Win 7 DDK provider)
S3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15768 2012-02-07] (Windows ® Win 7 DDK provider)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
R3 HabuFltr; C:\Windows\System32\drivers\habu.sys [13696 2006-10-26] (Razer (Asia-Pacific) Pte Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [45440 2007-01-18] ()
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\bleepYOU\catchme.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-30 19:40 - 2014-01-30 19:40 - 00019987 _____ C:\Users\Diz\Desktop\FRST.txt
2014-01-30 19:39 - 2014-01-30 19:40 - 00000000 ____D C:\FRST
2014-01-30 19:39 - 2014-01-30 19:39 - 02079744 _____ (Farbar) C:\Users\Diz\Desktop\FRST64.exe
2014-01-29 21:50 - 2014-01-29 21:50 - 00007200 _____ C:\Users\Diz\.recently-used.xbel
2014-01-29 20:37 - 2014-01-29 20:37 - 00688992 ____R (Swearware) C:\Users\Diz\Desktop\dds.com
2014-01-28 23:46 - 2014-01-28 23:46 - 00000000 ____D C:\Users\Diz\Desktop\YahooIcons
2014-01-27 21:28 - 2014-01-27 21:28 - 00000000 ____D C:\Users\Diz\Desktop\RK_Quarantine
2014-01-27 21:09 - 2014-01-27 21:25 - 00002512 _____ C:\Users\Diz\Desktop\Rkill.txt
2014-01-23 22:53 - 2014-01-23 23:01 - 00000000 ____D C:\Users\Diz\Desktop\iPhone 5s
2014-01-22 22:36 - 2014-01-22 22:36 - 00000141 _____ C:\Users\Diz\AppData\Local\dfl31z32.dll
2014-01-22 02:15 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-01-21 20:41 - 2014-01-21 20:41 - 02895956 _____ C:\Users\Diz\Desktop\Walls.zip
2014-01-21 00:02 - 2014-01-21 00:02 - 00000336 _____ C:\Users\Diz\Desktop\ToneSync for Windows.appref-ms
2014-01-21 00:02 - 2014-01-21 00:02 - 00000000 ____D C:\Users\Diz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zedge Europe AS
2014-01-20 23:37 - 2014-01-30 18:38 - 00000000 ____D C:\Users\Diz\AppData\Local\Deployment
2014-01-20 23:37 - 2014-01-20 23:37 - 00000000 ____D C:\Users\Diz\AppData\Local\Apps\2.0
2014-01-17 12:37 - 2014-01-17 12:37 - 00000000 ____S C:\Windows\system32\tjltiqn.awv
2014-01-13 20:51 - 2014-01-13 20:51 - 00001034 _____ C:\Users\Diz\Desktop\Apple Mobile Device USB Driver - Shortcut.lnk
2014-01-13 20:29 - 2014-01-13 20:29 - 00000000 ____S C:\Windows\system32\zzlsk.ezs
2014-01-07 17:18 - 2014-01-07 17:18 - 00000000 ____D C:\Program Files\iPod
2014-01-07 17:17 - 2014-01-07 17:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-07 17:17 - 2014-01-07 17:19 - 00000000 ____D C:\Program Files\iTunes
2014-01-01 22:12 - 2014-01-02 21:53 - 00000000 ____D C:\Users\Diz\AppData\Roaming\iFunBox.NXGen
2014-01-01 22:11 - 2014-01-22 22:36 - 00000000 ____D C:\Users\Diz\Desktop\ifunbox2014
2013-12-31 21:20 - 2013-12-31 21:20 - 00000000 ____D C:\Users\Diz\Desktop\EXTRA
2013-12-31 01:36 - 2013-12-31 18:55 - 19378702 _____ C:\Users\Diz\Desktop\evasi0n7.exe
2013-12-31 01:36 - 2013-12-31 18:55 - 00002910 _____ C:\Users\Diz\Desktop\README.txt

==================== One Month Modified Files and Folders =======

2014-01-30 19:40 - 2014-01-30 19:40 - 00019987 _____ C:\Users\Diz\Desktop\FRST.txt
2014-01-30 19:40 - 2014-01-30 19:39 - 00000000 ____D C:\FRST
2014-01-30 19:39 - 2014-01-30 19:39 - 02079744 _____ (Farbar) C:\Users\Diz\Desktop\FRST64.exe
2014-01-30 19:33 - 2013-12-11 14:20 - 00000083 _____ C:\Windows\system32\ltpdo.ldx
2014-01-30 19:27 - 2012-04-07 00:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 19:11 - 2013-12-12 18:38 - 01354076 _____ C:\Windows\WindowsUpdate.log
2014-01-30 18:55 - 2010-12-28 02:24 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-30 18:38 - 2014-01-20 23:37 - 00000000 ____D C:\Users\Diz\AppData\Local\Deployment
2014-01-30 18:38 - 2010-12-28 02:24 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 18:10 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 18:10 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 18:07 - 2009-07-14 00:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 18:03 - 2013-12-12 20:11 - 00006206 _____ C:\Windows\setupact.log
2014-01-30 18:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-30 02:00 - 2010-04-19 23:41 - 00000000 ____D C:\Users\Diz\AppData\Local\Adobe
2014-01-30 00:30 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-29 21:50 - 2014-01-29 21:50 - 00007200 _____ C:\Users\Diz\.recently-used.xbel
2014-01-29 21:50 - 2010-04-26 17:30 - 00000000 ____D C:\Users\Diz\AppData\Roaming\gtk-2.0
2014-01-29 21:50 - 2010-04-21 18:30 - 00000000 ____D C:\Users\Diz\.gimp-2.6
2014-01-29 21:50 - 2010-04-17 15:01 - 00000000 ____D C:\Users\Diz
2014-01-29 20:37 - 2014-01-29 20:37 - 00688992 ____R (Swearware) C:\Users\Diz\Desktop\dds.com
2014-01-29 18:10 - 2011-04-18 21:48 - 19305984 ___SH C:\Users\Diz\Desktop\Thumbs.db
2014-01-29 17:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-28 23:48 - 2012-02-16 20:31 - 00000000 ____D C:\Users\Diz\AppData\Local\CrashDumps
2014-01-28 23:46 - 2014-01-28 23:46 - 00000000 ____D C:\Users\Diz\Desktop\YahooIcons
2014-01-27 21:28 - 2014-01-27 21:28 - 00000000 ____D C:\Users\Diz\Desktop\RK_Quarantine
2014-01-27 21:25 - 2014-01-27 21:09 - 00002512 _____ C:\Users\Diz\Desktop\Rkill.txt
2014-01-27 11:53 - 2010-11-11 20:52 - 00000000 ____D C:\Users\Diz\Desktop\Jailbreak Tools
2014-01-24 12:10 - 2013-12-12 20:11 - 00008130 _____ C:\Windows\PFRO.log
2014-01-24 12:10 - 2012-06-09 14:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2014-01-24 11:01 - 2013-05-27 09:08 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-01-23 23:01 - 2014-01-23 22:53 - 00000000 ____D C:\Users\Diz\Desktop\iPhone 5s
2014-01-23 18:39 - 2010-08-27 02:08 - 00000000 ____D C:\Users\Diz\AppData\Roaming\Audacity
2014-01-22 22:36 - 2014-01-22 22:36 - 00000141 _____ C:\Users\Diz\AppData\Local\dfl31z32.dll
2014-01-22 22:36 - 2014-01-01 22:11 - 00000000 ____D C:\Users\Diz\Desktop\ifunbox2014
2014-01-21 21:09 - 2013-04-28 01:53 - 00000000 ____D C:\Program Files (x86)\KSP_win
2014-01-21 21:08 - 2013-02-10 14:04 - 00000000 ____D C:\Program Files (x86)\iFunbox
2014-01-21 20:41 - 2014-01-21 20:41 - 02895956 _____ C:\Users\Diz\Desktop\Walls.zip
2014-01-21 00:02 - 2014-01-21 00:02 - 00000336 _____ C:\Users\Diz\Desktop\ToneSync for Windows.appref-ms
2014-01-21 00:02 - 2014-01-21 00:02 - 00000000 ____D C:\Users\Diz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zedge Europe AS
2014-01-20 23:37 - 2014-01-20 23:37 - 00000000 ____D C:\Users\Diz\AppData\Local\Apps\2.0
2014-01-17 12:37 - 2014-01-17 12:37 - 00000000 ____S C:\Windows\system32\tjltiqn.awv
2014-01-17 12:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2014-01-15 02:09 - 2012-06-09 14:09 - 00000000 ____D C:\Program Files\Common Files\McAfee
2014-01-13 20:51 - 2014-01-13 20:51 - 00001034 _____ C:\Users\Diz\Desktop\Apple Mobile Device USB Driver - Shortcut.lnk
2014-01-13 20:29 - 2014-01-13 20:29 - 00000000 ____S C:\Windows\system32\zzlsk.ezs
2014-01-08 19:39 - 2010-04-22 01:52 - 00000000 ____D C:\Users\Diz\AppData\Local\Apple Computer
2014-01-07 17:19 - 2014-01-07 17:17 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-07 17:19 - 2014-01-07 17:17 - 00000000 ____D C:\Program Files\iTunes
2014-01-07 17:19 - 2011-10-19 00:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-07 17:18 - 2014-01-07 17:18 - 00000000 ____D C:\Program Files\iPod
2014-01-02 21:53 - 2014-01-01 22:12 - 00000000 ____D C:\Users\Diz\AppData\Roaming\iFunBox.NXGen
2013-12-31 21:20 - 2013-12-31 21:20 - 00000000 ____D C:\Users\Diz\Desktop\EXTRA
2013-12-31 18:55 - 2013-12-31 01:36 - 19378702 _____ C:\Users\Diz\Desktop\evasi0n7.exe
2013-12-31 18:55 - 2013-12-31 01:36 - 00002910 _____ C:\Users\Diz\Desktop\README.txt
2013-12-31 13:46 - 2010-10-25 23:52 - 00000000 ____D C:\Users\Diz\AppData\Roaming\vlc

Files to move or delete:
====================
C:\Users\Diz\AppData\Local\Temp\cmddctr.exe

Some content of TEMP:
====================
C:\Users\Diz\AppData\Local\Temp\2dsve2wefd.exe
C:\Users\Diz\AppData\Local\Temp\cmddctr.exe
C:\Users\Diz\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Diz\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-07-08 00:56] - [2010-11-20 08:27] - 0512512 ____A (Microsoft Corporation) D10CA280F9F038802A0CE31B08CEDB46

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-29 02:01

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Diz at 2014-01-30 19:40:53
Running from C:\Users\Diz\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition 3.0 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Audition 3.0 Vista Compatibility (Version:  - )
Adobe Audition CS5.5 (x32 Version: 4.0 - Adobe Systems Incorporated)
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 1.1 - Adobe Systems Incorporated)
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (x32 Version: 9.4.6 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7 - Vantage Software Technologies)
Any Video Converter Professional 2.7.0 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.50517 - ATI Technologies Inc.) Hidden
ATI Catalyst Control Center (x32 Version: 2.009.1209.2334 - )
ATI Catalyst Install Manager (Version: 3.0.778.0 - ATI Technologies, Inc.)
Audacity 1.3.12 (Unicode) (x32 Version:  - Audacity Team)
Banctec Service Agreement (x32 Version: 2.0.0 - Dell Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1209.2335.42329 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0517.1742.29870 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help English (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help English (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help French (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help French (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help German (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help German (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.1209.2334.42329 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0517.1741.29870 - ATI) Hidden
ccc-core-static (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0517.1742.29870 - ATI) Hidden
ccc-utility64 (Version: 2009.1209.2335.42329 - ATI) Hidden
ccc-utility64 (Version: 2010.0517.1742.29870 - ATI) Hidden
CCleaner (Version: 4.08 - Piriform)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dance eJay 6 - Deinstallation (x32 Version:  - )
Dell DataSafe Local Backup - Support Software (x32 Version: 2.34 - Dell)
Dell DataSafe Local Backup (x32 Version: 9.3.74 - Dell)
Dell DataSafe Online (x32 Version: 1.2.0009 - Dell, Inc.)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (x32 Version:  - Stardock Corporation)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Easy GIF Animator 5.3 (x32 Version: Easy GIF Animator 5.0 - Karlis Blumentals)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
eMule (x32 Version:  - )
Epson Connect (x32 Version:  - )
Epson Customer Participation (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (x32 Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX230 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EPSON Scan (x32 Version:  - Seiko Epson Corporation)
EpsonNet Print (x32 Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (x32 Version:  - )
GIMP 2.6.8 (x32 Version:  - )
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Haali Media Splitter (x32 Version:  - )
HipHop 6 (x32 Version: 6.1.55 - Empire Interactive)
HipHop eJay 5 - Deinstallation (x32 Version:  - )
iCloud (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (x32 Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.5.0.1037 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 13 (x32 Version: 7.0.130 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.98.3 for Audacity (x32 Version:  - )
Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech)
Logitech QuickCam Software (x32 Version: 8.47.0000 - Logitech, Inc.)
Magic ISO Maker v5.5 (build 0281) (x32 Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (x32 Version: 12.8.903 - McAfee, Inc.)
Media Go (x32 Version: 1.6.508 - Sony)
Media Go Video Playback Engine 1.48.101.10090 (x32 Version: 1.48.101.10090 - Sony)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (x32 Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mobile Mouse Server (x32 Version: 2.0.3.1 - RPA Tech, Inc)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)
NVIDIA PhysX (x32 Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PlayStation®Network Downloader (x32 Version: 2.04.00651 - Sony Computer Entertainment Inc.)
PlayStation®Store (x32 Version: 4.0.14.10643 - Sony Computer Entertainment Inc.)
PowerDVD DX (x32 Version: 8.3.6029 - CyberLink Corp.)
Quicken 2010 (x32 Version: 19.1.1.27 - Intuit)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Razer Reclusa Config (x32 Version: 5.01 - Razer USA Ltd.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Remote Mouse version 2.00 (x32 Version: 2.00 - HungryBolo Limited)
Rosetta Stone Version 3 (x32 Version: 3.3.5.2 - Rosetta Stone Ltd.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy CD and DVD Burning (x32 Version: 10.3 - Roxio)
Roxio Easy CD and DVD Burning (x32 Version: 10.3.106 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
S.T.A.L.K.E.R. - Shadow of Chernobyl (x32 Version: 1.0000 - THQ)
Safari (x32 Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skins (x32 Version: 2009.1209.2335.42329 - ATI) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SoundTap Streaming Audio Recorder (x32 Version:  - NCH Software)
Splashtop Streamer (x32 Version: 2.2.5.1 - Splashtop Inc.)
Splashtop Streamer (x32 Version: 2.2.5.1 - Splashtop Inc.) Hidden
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (Version: 5.7.1008 - SUPERAntiSpyware.com)
THX TruStudio PC (x32 Version: 1.0 - Creative Technology Limited)
ToneSync for Windows (HKCU Version: 1.2.3.309 - Zedge Europe AS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VirtualCloneDrive (x32 Version:  - Elaborate Bytes)
VLC media player 1.1.4 (x32 Version: 1.1.4 - VideoLAN)
VoiceOver Kit (x32 Version: 1.42.128.0 - Apple Inc.)
WD SmartWare (Version: 1.1.0.7 - Western Digital)
Widevine Media Transformer Plugin 4.5.0 (x32 Version: 4.5.0.3913 - Widevine Technologies)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
Windows SideShow Managed Runtime 1.0 (x32 Version: 1.0.1.0 - Microsoft Corporation)
WinRAR archiver (Version:  - )
XBMC (HKCU Version:  - Team XBMC)

==================== Restore Points  =========================

11-01-2014 01:31:33 Scheduled Checkpoint
18-01-2014 05:00:00 Scheduled Checkpoint
25-01-2014 23:59:55 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-02-04 23:55 - 2013-12-12 22:14 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {09161CD2-C217-4E98-A0D6-C7479591CACE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {1F9977D3-0A29-4E36-93EC-57CA61796E2D} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-09-30] (Microsoft Corporation)
Task: {57F96D29-2946-48D3-B796-2B3DF86F2D33} - System32\Tasks\AdobeAAMUpdater-1.0-WINDOWS7-Diz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {79F0471E-A7D8-4A5A-A670-D4A69A05D5E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28] (Google Inc.)
Task: {850D6F3A-ED6C-429A-921F-E715676D9830} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {97C1B2F0-9A17-4980-B683-01E5D6D11E38} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {A54AFCBD-72CC-49CB-A310-99E5E18844EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28] (Google Inc.)
Task: {A5B3D956-1D7E-4938-9292-75CFC1164FFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AD051207-D2E2-43C0-960B-596D614E7A0E} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-WINDOWS7 => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {BC647CF6-6C4B-4263-BD73-D319C8AC703C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {F4045709-EA1A-42F4-912F-29A86A05053A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-11-18 12:00 - 2008-11-18 12:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-04-12 13:44 - 2010-04-12 13:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-12 13:47 - 2009-12-02 16:47 - 00115952 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-04-12 13:47 - 2009-12-02 16:47 - 00128240 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-04-12 13:42 - 2009-10-02 13:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-04-26 13:12 - 2011-04-26 13:12 - 00006144 _____ () C:\Users\Diz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3[1].gadget\CoreTempReader.dll
2011-04-26 13:12 - 2011-04-26 13:12 - 00008704 _____ () C:\Users\Diz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3[1].gadget\GetCoreTempInfoNET.dll
2011-04-26 13:12 - 2011-04-26 13:12 - 00007680 _____ () C:\Users\Diz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3[1].gadget\SystemInfo.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81414301.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82740257.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81414301.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82740257.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Xbox 360
Description: Xbox 360
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2014 06:00:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 10.0.9200.16736, time stamp: 0x5258d441
Exception code: 0xc0000005
Fault offset: 0x0000000000658d2b
Faulting process id: 0x33c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/30/2014 01:26:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/30/2014 09:22:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 10.0.9200.16736, time stamp: 0x5258d441
Exception code: 0xc0000005
Fault offset: 0x0000000000658d2b
Faulting process id: 0x348
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/29/2014 09:24:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 10.0.9200.16736, time stamp: 0x5258cf1a
Exception code: 0xc0000005
Fault offset: 0x0000000000184f6e
Faulting process id: 0x350
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/29/2014 05:27:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 10.0.9200.16736, time stamp: 0x5258cf1a
Exception code: 0xc0000005
Fault offset: 0x0000000000184f6e
Faulting process id: 0x34c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/29/2014 05:10:24 PM) (Source: Bonjour Service) (User: )
Description: 476: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (01/29/2014 05:10:24 PM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (01/29/2014 11:21:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000040
Faulting process id: 0x34c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/29/2014 11:11:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000040006
Faulting process id: 0x348
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (01/29/2014 08:28:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000040006
Faulting process id: 0x348
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

System errors:
=============
Error: (01/30/2014 06:38:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/30/2014 06:03:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (01/30/2014 06:03:05 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (01/30/2014 06:03:02 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (01/30/2014 06:03:02 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (01/30/2014 06:03:02 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Inc. mfeapfk service failed to start due to the following error:
%%1243

Error: (01/30/2014 06:00:52 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
%%1190

Error: (01/30/2014 06:00:52 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/30/2014 06:00:52 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/30/2014 09:26:21 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Microsoft Office Sessions:
=========================
Error: (01/30/2014 06:00:30 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll10.0.9200.167365258d441c00000050000000000658d2b33c01cf1dc73ba444f4C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dll5036cdb0-8a02-11e3-9e80-001018000000

Error: (01/30/2014 01:26:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/30/2014 09:22:03 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll10.0.9200.167365258d441c00000050000000000658d2b34801cf1d62a72e4fe7C:\Windows\system32\svchost.exeC:\Windows\system32\MSHTML.dlle3099468-89b9-11e3-bcd7-001018000000

Error: (01/29/2014 09:24:03 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll10.0.9200.167365258cf1ac00000050000000000184f6e35001cf1d5f70f30c94C:\Windows\system32\svchost.exeC:\Windows\System32\ieframe.dll9593dc77-8955-11e3-bcf8-001018000000

Error: (01/29/2014 05:27:47 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll10.0.9200.167365258cf1ac00000050000000000184f6e34c01cf1d3edfbc3267C:\Windows\system32\svchost.exeC:\Windows\System32\ieframe.dll9412b528-8934-11e3-b570-001018000000

Error: (01/29/2014 05:10:24 PM) (Source: Bonjour Service)(User: )
Description: 476: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (01/29/2014 05:10:24 PM) (Source: Bonjour Service)(User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (01/29/2014 11:21:45 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c0000005000000000000004034c01cf1d0d0ad4fc2fC:\Windows\system32\svchost.exeunknown717fe798-8901-11e3-be7e-001018000000

Error: (01/29/2014 11:11:19 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c0000005000000000004000634801cf1cf63a9c5dcaC:\Windows\system32\svchost.exeunknownfc2e6089-88ff-11e3-addc-001018000000

Error: (01/29/2014 08:28:01 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c0000005000000000004000634801cf1cf1132fa962C:\Windows\system32\svchost.exeunknown2c83c3f7-88e9-11e3-b854-001018000000

CodeIntegrity Errors:
===================================
  Date: 2013-12-11 23:33:18.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\bleepYOU\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-11 23:33:18.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\bleepYOU\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-06 10:37:24.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-06 10:30:17.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-06 10:23:40.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-06 11:11:33.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-06 10:43:53.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-06 10:34:49.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-05 21:45:44.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-05 20:23:14.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 6071.08 MB
Available physical RAM: 3089.74 MB
Total Pagefile: 12140.34 MB
Available Pagefile: 8302.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:242.42 GB) NTFS
Drive e: () (Fixed) (Total:232.88 GB) (Free:48.27 GB) NTFS
Drive j: (WD SmartWare) (CDROM) (Total:0.56 GB) (Free:0 GB) UDF
Drive k: (My Book) (Fixed) (Total:930.86 GB) (Free:584.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A1C33F88)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 07B807B8)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931 GB) (Disk ID: C88FAB22)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 30 January 2014 - 10:44 PM




Hello DutchMaster22

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • •Internet access
    •Windows Update
    •Windows Firewall
9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 DutchMaster22

DutchMaster22
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 31 January 2014 - 05:19 PM

I ran the rootkit scan and 2 issues were detected. I hit cleanup and the system restarted. I then ran the rootkit scan again and no issues were detected. My internet access and firewall are good. The radio noise is gone. I haven't been able to verify windows update or system stability as far as lock ups or restarts. I will be away from my computer for a day or two but I will verify those two things when I get back. Once I do I will post here. Im afraid the noise will come back because that's what it did before. Either way, ill let you know in a day or two.



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 01 February 2014 - 06:03 AM



Hello DutchMaster22

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 DutchMaster22

DutchMaster22
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 02 February 2014 - 08:34 PM

Alrighty, I ran the 2 scans. The radio stations aren't playing anymore. I haven't been able to verify if my system still locks up but it seems stable. I do have some updates for windows, should I run windows update? Here are the logs

 

# AdwCleaner v3.018 - Report created 02/02/2014 at 20:21:34
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Diz - WINDOWS7
# Running from : C:\Users\Diz\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

*************************

AdwCleaner[R0].txt - [1560 octets] - [06/12/2013 10:30:11]
AdwCleaner[R1].txt - [752 octets] - [11/12/2013 22:31:30]
AdwCleaner[R2].txt - [870 octets] - [14/12/2013 14:11:37]
AdwCleaner[R3].txt - [988 octets] - [02/02/2014 20:20:52]
AdwCleaner[S0].txt - [1522 octets] - [06/12/2013 10:31:09]
AdwCleaner[S1].txt - [812 octets] - [11/12/2013 22:32:52]
AdwCleaner[S2].txt - [930 octets] - [14/12/2013 14:12:30]
AdwCleaner[S3].txt - [910 octets] - [02/02/2014 20:21:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [969 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Diz on Sun 02/02/2014 at 20:26:25.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/02/2014 at 20:32:13.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 02 February 2014 - 08:39 PM


Hello DutchMaster22

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 DutchMaster22

DutchMaster22
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 02 February 2014 - 11:09 PM

I tried downloading combofix from each of the three links. It kept saying "Combofix couldn't download" I hit retry and it said "Combofix may have been moved or deleted" I restarted my pc and tried again and I was able to download and run it. My computer seems to be stable, still no radio noise. Here is the log

 

ComboFix 14-02-01.01 - Diz 02/02/2014  22:33:09.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6071.3672 [GMT -5:00]
Running from: c:\users\Diz\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll
c:\programdata\PCDr\6422\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll
c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll
c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ceb70e67-87f1-40c5-86a3-c576ea0c4e8f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll
c:\users\Diz\AppData\Local\dfl31z32.dll
c:\users\Diz\AppData\Roaming\Microsoft\Crypto\RSA\certv11.tpl
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-03 to 2014-02-03  )))))))))))))))))))))))))))))))
.
.
2014-02-03 03:47 . 2014-02-03 03:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-03 03:47 . 2014-02-03 03:47 -------- d-----w- c:\users\Mcx1-WINDOWS7\AppData\Local\temp
2014-02-03 03:47 . 2014-02-03 03:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-31 18:19 . 2014-01-31 18:50 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-31 18:19 . 2014-01-31 18:50 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-31 00:39 . 2014-01-31 00:41 -------- d-----w- C:\FRST
2014-01-22 07:15 . 2013-09-23 18:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-01-21 04:37 . 2014-01-21 04:37 -------- d-----w- c:\users\Diz\AppData\Local\Apps
2014-01-21 04:37 . 2014-02-03 02:06 -------- d-----w- c:\users\Diz\AppData\Local\Deployment
2014-01-07 22:18 . 2014-01-07 22:18 -------- d-----w- c:\program files\iPod
2014-01-07 22:17 . 2014-01-07 22:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-07 22:17 . 2014-01-07 22:19 -------- d-----w- c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 16:47 . 2010-05-19 14:02 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-14 16:45 . 2010-05-19 14:02 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-12-10 22:27 . 2012-04-07 05:20 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:27 . 2011-06-14 15:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-08 03:29 . 2010-05-02 14:50 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-12-08 03:28 . 2010-06-03 14:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-08 03:28 . 2010-05-02 14:50 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-12-07 02:19 . 2011-04-08 02:12 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-11-27 03:07 . 2013-11-27 03:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-11-27 03:07 . 2013-11-27 03:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-11-27 03:07 . 2013-11-27 03:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-11-15 08:01 . 2010-04-18 22:10 82896128 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZedgeToneSync"="c:\users\Diz\AppData\Local\Apps\2.0\Data\1OON4AJV.9AV\E91H47T5.O3H\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup" [X]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2012-12-24 73216]
"JumiController"="" [BU]
"iFunBoxConnector"="c:\program files (x86)\iFunbox\ifb_conn.exe" [2013-02-10 812544]
"LogitechSoftwareUpdate"="c:\program files (x86)\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"AdobeBridge"="" [BU]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE" [2013-10-07 283232]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-05 6503704]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Reclusa"="c:\program files (x86)\Razer\Reclusa\razerhid.exe" [2007-06-19 167936]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"LogitechVideoRepair"="c:\program files (x86)\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files (x86)\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-10-6 1032368]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-4 2104320]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-9-4 8970240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys;c:\windows\SYSNATIVE\DRIVERS\jumi.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys;c:\windows\SYSNATIVE\drivers\RecFltr.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:27]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 07:24]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 07:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sharethefiles.com/forum/viewforum.php?f=67&sid=60231c6a237cd07feacda20036e1115d
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} - hxxp://videoassets.starz.com/wv/installer/WidevineMediaTransformer.exe
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:54,a8,39,20,9e,f7,ce,01
.
[HKEY_USERS\S-1-5-21-2261866951-751147871-2240554429-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2261866951-751147871-2240554429-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-02  23:04:49
ComboFix-quarantined-files.txt  2014-02-03 04:04
ComboFix2.txt  2013-12-12 20:50
ComboFix3.txt  2013-12-12 04:38
ComboFix4.txt  2013-12-06 01:28
ComboFix5.txt  2014-02-03 03:30
.
Pre-Run: 264,570,023,936 bytes free
Post-Run: 264,721,301,504 bytes free
.
- - End Of File - - 0AEE539084871E821E34D23BCA6B0EEF
 



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 03 February 2014 - 12:33 AM


Hello DutchMaster22

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 DutchMaster22

DutchMaster22
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 03 February 2014 - 01:39 PM

I created the CFScript.txt and dragged it onto combofix. I got a popup from Mcafee saying that it detected combofix as a Artemis!F0800BFE4070 Trojan and that I needed to restart. I restarted my pc and was unable to run combofix to create a new log. Ive been getting a popup at startup from jucheck.exe for awhile now, maybe a month or so, asking to update java. I also have an icon telling me an update is available for acrobat reader, Ive been hesitant to update these because I got a nasty virus/malware infection from clicking on a false update for java/adobe in the past. Are these legit updates and should I update them? I also have about 17 updates pending for windows through windows update. should I update? My pc locked up again while writing this, I got a message saying my display driver stopped responding but has recovered again.



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 03 February 2014 - 01:56 PM

Hello

We will update Java and adobe later but you may need to turn off McAfee to run our tools - they do not like the competition.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 DutchMaster22

DutchMaster22
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 03 February 2014 - 04:11 PM

I disabled mcafee's real time scanning, re downloaded combofix and dragged cfscript.txt onto it. Here is the log.

 

ComboFix 14-02-03.01 - Diz 02/03/2014  15:30:26.6.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6071.3529 [GMT -5:00]
Running from: c:\users\Diz\Desktop\ComboFix.exe
Command switches used :: c:\users\Diz\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\1ad2478a-f061-4c93-bd0d-d1433323fd23.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1b8965d5-1ace-460f-9f9d-51d4c6c7c534.dll
c:\programdata\PCDr\6422\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll
c:\programdata\PCDr\6422\AddOnDownloaded\25859408-d118-4a4d-a622-6f6b98c8b7a4.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2b605d7d-d0d9-4054-adbf-4b49c7319932.dll
c:\programdata\PCDr\6422\AddOnDownloaded\2ff77179-a156-48e2-9210-92584330fa1e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\46396106-fa11-4329-87bf-ed5a85069e89.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll
c:\programdata\PCDr\6422\AddOnDownloaded\538ed073-443d-4773-bf99-d9acbd2ae75f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\58073f58-c256-45c9-a26d-2c9c44ad6b03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\712ff270-978b-4b35-9eb6-621f6ff35d6e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a4f460a6-e6cd-457f-931d-cb0fc7d56d03.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ca984d5b-37f4-4f56-8ca3-2a0d6cdba833.dll
c:\programdata\PCDr\6422\AddOnDownloaded\cce4ac4d-7353-4099-b347-95166f07f05e.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ceb70e67-87f1-40c5-86a3-c576ea0c4e8f.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-03 to 2014-02-03  )))))))))))))))))))))))))))))))
.
.
2014-02-03 20:50 . 2014-02-03 20:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-03 20:50 . 2014-02-03 20:50 -------- d-----w- c:\users\Mcx1-WINDOWS7\AppData\Local\temp
2014-02-03 20:50 . 2014-02-03 20:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-31 18:19 . 2014-01-31 18:50 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-31 18:19 . 2014-01-31 18:50 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-31 00:39 . 2014-01-31 00:41 -------- d-----w- C:\FRST
2014-01-22 07:15 . 2013-09-23 18:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-01-21 04:37 . 2014-01-21 04:37 -------- d-----w- c:\users\Diz\AppData\Local\Apps
2014-01-21 04:37 . 2014-02-03 18:56 -------- d-----w- c:\users\Diz\AppData\Local\Deployment
2014-01-07 22:18 . 2014-01-07 22:18 -------- d-----w- c:\program files\iPod
2014-01-07 22:17 . 2014-01-07 22:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-07 22:17 . 2014-01-07 22:19 -------- d-----w- c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 16:47 . 2010-05-19 14:02 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-14 16:45 . 2010-05-19 14:02 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-12-10 22:27 . 2012-04-07 05:20 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:27 . 2011-06-14 15:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-08 03:29 . 2010-05-02 14:50 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-12-08 03:28 . 2010-06-03 14:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-08 03:28 . 2010-05-02 14:50 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-12-07 02:19 . 2011-04-08 02:12 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-11-27 03:07 . 2013-11-27 03:07 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-11-27 03:07 . 2013-11-27 03:07 96112 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-11-27 03:07 . 2013-11-27 03:07 411944 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-11-15 08:01 . 2010-04-18 22:10 82896128 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZedgeToneSync"="c:\users\Diz\AppData\Local\Apps\2.0\Data\1OON4AJV.9AV\E91H47T5.O3H\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup" [X]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"JumiController"="" [BU]
"iFunBoxConnector"="c:\program files (x86)\iFunbox\ifb_conn.exe" [2013-02-10 812544]
"LogitechSoftwareUpdate"="c:\program files (x86)\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"AdobeBridge"="" [BU]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE" [2013-10-07 283232]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-05 6503704]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Reclusa"="c:\program files (x86)\Razer\Reclusa\razerhid.exe" [2007-06-19 167936]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"LogitechVideoRepair"="c:\program files (x86)\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files (x86)\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-10-6 1032368]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-4 2104320]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-9-4 8970240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys;c:\windows\SYSNATIVE\DRIVERS\jumi.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys;c:\windows\SYSNATIVE\drivers\RecFltr.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:27]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 07:24]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 07:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sharethefiles.com/forum/viewforum.php?f=67&sid=60231c6a237cd07feacda20036e1115d
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} - hxxp://videoassets.starz.com/wv/installer/WidevineMediaTransformer.exe
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Remote Mouse - c:\program files (x86)\Remote Mouse\RemoteMouse.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:54,a8,39,20,9e,f7,ce,01
.
[HKEY_USERS\S-1-5-21-2261866951-751147871-2240554429-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2261866951-751147871-2240554429-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-03  16:08:04
ComboFix-quarantined-files.txt  2014-02-03 21:07
ComboFix2.txt  2014-02-03 04:05
ComboFix3.txt  2013-12-12 20:50
ComboFix4.txt  2013-12-12 04:38
ComboFix5.txt  2014-02-03 20:29
.
Pre-Run: 263,596,867,584 bytes free
Post-Run: 263,271,284,736 bytes free
.
- - End Of File - - 13356ED598DCBEFBC4FFACCE80DA2789
 



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 03 February 2014 - 04:25 PM


Hello DutchMaster22

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 DutchMaster22

DutchMaster22
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 04 February 2014 - 11:55 AM

Adobe AIR
Adobe Anchor Service CS4
Adobe Audition 3.0
Adobe Audition CS5.5
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS6
Adobe Reader 9.4.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AnswerWorks 5.0 English Runtime
Any Video Converter Professional 2.7.0
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Audacity 1.3.12 (Unicode)
Banctec Service Agreement
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Connect
D3DX10
Dance eJay 6 - Deinstallation
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
DirectXInstallService
Easy GIF Animator 5.3
EMC 10 Content
eMule
Epson Connect
Epson Event Manager
EPSON Scan
EpsonNet Print
ESET Online Scanner v3
GIMP 2.6.8
Google Earth
Google Update Helper
Haali Media Splitter
HipHop 6
HipHop eJay 5 - Deinstallation
Intel® Control Center
Intel® Rapid Storage Technology
Java 7 Update 13
Java Auto Updater
Junk Mail filter update
kuler
LAME v3.98.3 for Audacity
Logitech QuickCam Software
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SecurityCenter
Media Go
Media Go Video Playback Engine 1.48.101.10090
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mobile Mouse Server
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
NVIDIA PhysX
OpenAL
PDF Settings CS4
PDF Settings CS6
Photoshop Camera Raw
PlayStation®Network Downloader
PlayStation®Store
PowerDVD DX
Quicken 2010
QuickTime
Razer Reclusa Config
Realtek High Definition Audio Driver
Rosetta Stone Version 3
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
S.T.A.L.K.E.R. - Shadow of Chernobyl
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skins
Sonic CinePlayer Decoder Pack
SoundTap Streaming Audio Recorder
Splashtop Streamer
Steam
Suite Shared Configuration CS4
THX TruStudio PC
ToneSync for Windows
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VirtualCloneDrive
VLC media player 1.1.4
VoiceOver Kit
Widevine Media Transformer Plugin 4.5.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows SideShow Managed Runtime 1.0
XBMC
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users