CPup888
-
Posts
39 -
Joined
-
Last visited
-
I guess you are not going to respond, but that is ok. Thanks so much for everything you did, I greatly appreciate all of your help!
-
You stated the following: "Unless you have any open issues, you are good to go." I thought you meant if I still had "issues" after running the OTL scan, but I couldn't tell after running it if I did or not, as I do not know how to read the log files. If you didn't mean that, but instead just meant any other "issues" with my computer that I may need help with, there are none as far as I am aware. I'm assuming then that this means that you have successfully assisted me in removing all issues that you are aware of through looking at my log files. Please confirm. Thanks.
-
How would I know if I had "any open issues" after running OTL (which I just did and it rebooted and gave me a log)??? Would you consider Google Chrome a more secure browser than IE? Regardless, would you still recommend Firefox over Chrome?
-
So don't download and run DDS?
-
Extras.Txt - OTL Extras logfile created on: 6/8/2013 2:00:36 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.92 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.16% Memory free 11.83 Gb Paging File | 9.63 Gb Available in Paging File | 81.36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581.42 Gb Total Space | 474.15 Gb Free Space | 81.55% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Chris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F95499-6304-45C0-9DAA-2DAC32BC23E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4AA61A50-2233-4C93-A866-87FB5CCA107B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{304CFD7D-44F0-40A9-A9E0-D3C6F1F4F990}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{80BAE7DF-AA64-44CD-BE44-C898DDF2B670}" = protocol=17 | dir=in | app=c:\users\erica\appdata\roaming\dropbox\bin\dropbox.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{91C57526-747D-447B-B22A-0A02EBE278A1}" = protocol=6 | dir=in | app=c:\users\erica\appdata\roaming\dropbox\bin\dropbox.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{F6C8D5A3-E078-4B90-88C6-25C8A6C2D9D7}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | "UDP Query User{BEEE21BE-60DA-41BE-B0EA-96212BE18586}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0 "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "PC-Doctor for Windows" = My Dell "ProInst" = Intel PROSet Wireless "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi "{30E411BE-C174-405F-9361-27F4CEDE0C19}" = PCmover Professional "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8 "{D031E017-2434-40A7-A352-4DDD0199170D}" = TouchFreeze "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help "{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1ClickDownload" = FTDownloader "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Canon MP280 series User Registration" = Canon MP280 series User Registration "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Clue Classic" = Clue Classic (remove only) "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader "Dell Webcam Central" = Dell Webcam Central "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ESET Online Scanner" = ESET Online Scanner v3 "Game of LIFE" = Game of LIFE (remove only) "Google Chrome" = Google Chrome "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Money2008b" = Microsoft Money Plus "Monopoly" = Monopoly (remove only) "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "MSC" = McAfee AntiVirus Plus "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Operation Mania" = Operation Mania (remove only) "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser "Pictureka! Museum Mayhem" = Pictureka! Museum Mayhem (remove only) "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-bit) "WNLT" = SweetPacks Updater Service "Yahtzee" = Yahtzee (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/8/2013 12:52:49 PM | Computer Name = Laptop | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 6/8/2013 1:12:17 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/8/2013 1:12:17 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1107 Error - 6/8/2013 1:12:17 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1107 Error - 6/8/2013 1:12:18 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/8/2013 1:12:18 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2137 Error - 6/8/2013 1:12:18 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2137 Error - 6/8/2013 1:12:19 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 6/8/2013 1:12:19 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3213 Error - 6/8/2013 1:12:19 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3213 [ Dell Events ] Error - 1/14/2012 10:27:13 AM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 1/22/2012 9:28:38 AM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 1/22/2012 9:28:38 AM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 2/2/2012 12:34:56 AM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 2/2/2012 12:34:56 AM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 2/3/2012 6:31:44 PM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 2/3/2012 6:31:44 PM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 3/5/2012 1:27:29 PM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 3/5/2012 1:27:29 PM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 6/5/2013 11:44:26 PM | Computer Name = Laptop | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 6/7/2013 8:13:13 AM | Computer Name = Laptop | Source = DCOM | ID = 10010 Description = Error - 6/7/2013 10:13:04 PM | Computer Name = Laptop | Source = DCOM | ID = 10010 Description = Error - 6/7/2013 10:18:02 PM | Computer Name = Laptop | Source = EventLog | ID = 6008 Description = The previous system shutdown at 10:17:03 PM on ?6/?7/?2013 was unexpected. Error - 6/8/2013 10:07:52 AM | Computer Name = Laptop | Source = DCOM | ID = 10010 Description = Error - 6/8/2013 12:17:57 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034 Description = The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s). Error - 6/8/2013 12:20:39 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service. Error - 6/8/2013 12:29:38 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/8/2013 12:33:18 PM | Computer Name = Laptop | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 6/8/2013 12:33:18 PM | Computer Name = Laptop | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 6/8/2013 12:34:01 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report >
-
OTL.txt - OTL logfile created on: 6/8/2013 2:00:36 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.92 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.16% Memory free 11.83 Gb Paging File | 9.63 Gb Available in Paging File | 81.36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581.42 Gb Total Space | 474.15 Gb Free Space | 81.55% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Chris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/08 13:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe PRC - [2013/06/07 22:30:57 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe PRC - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe PRC - [2010/12/14 02:21:34 | 000,974,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2010/12/14 02:21:18 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe PRC - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ========== Modules (No Company Name) ========== MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe MOD - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe MOD - [2005/04/29 16:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks) SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/30 14:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk) SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/23 07:16:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer) SRV - [2010/12/14 02:21:34 | 000,974,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2010/12/14 02:21:30 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2010/12/14 02:21:18 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService) SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/31 23:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011/03/26 05:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/12/21 21:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010/12/14 09:18:50 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2010/12/14 09:10:10 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2010/12/14 02:21:06 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2010/12/01 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010/11/30 18:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 12:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/02/27 03:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyB0DzytCzy0BtCyBtCyCzztN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131868848 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EBCDE632-E239-47CE-8C19-BF4B7919AA74} IE:64bit: - HKLM\..\SearchScopes\{EBCDE632-E239-47CE-8C19-BF4B7919AA74}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyB0DzytCzy0BtCyBtCyCzztN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131868848 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={B71BA356-C968-11E2-8BD2-BC7737D919B1} IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EBCDE632-E239-47CE-8C19-BF4B7919AA74} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{4985F660-8367-261F-AD1C-438D68567497}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{EBCDE632-E239-47CE-8C19-BF4B7919AA74}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyB0DzytCzy0BtCyBtCyCzztN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131868848 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={B71BA356-C968-11E2-8BD2-BC7737D919B1} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1 IE - HKCU\..\SearchScopes,DefaultScope = {4985F660-8367-261F-AD1C-438D68567497} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/05/30 16:38:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/05/23 01:40:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/05/23 01:40:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/30 16:38:04 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.yahoo.com/?ilc=1 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: FTdownloader V4.0 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok\4.0_0\ CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: SiteAdvisor = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.0_0\ CHR - Extension: GoPhoto.it = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\ CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: OneClickDownload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\ O1 HOSTS File: ([2013/06/08 12:33:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627073731.dll (McAfee, Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120627073731.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not found O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not found O4:64bit: - HKLM..\Run: [bTMTrayAgent] TEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP File not found O4:64bit: - HKLM..\Run: [CanonMyPrinter] TER\BJMYPRT.EXE /LOGON File not found O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found O4:64bit: - HKLM..\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found O4:64bit: - HKLM..\Run: [intelTBRunOnce] CE.VBS" File not found O4:64bit: - HKLM..\Run: [intelWireless] TEL WIRELESS TRAY File not found O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found O4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not found O4:64bit: - HKLM..\Run: [Zune Launcher] CHER.EXE" File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe () O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/event/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B451D4FF-7E9C-4953-AC3D-0BF55E95B147}: DhcpNameServer = 13.35.0.1 13.35.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD9A187E-8374-4497-A2B9-E17C235DF403}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/08 13:58:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2013/06/08 13:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/06/08 13:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/06/08 13:03:36 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/06/08 13:03:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/06/08 13:03:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/06/08 13:03:32 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/06/08 13:01:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/08 12:44:15 | 031,666,592 | ---- | C] (Oracle Corporation) -- C:\Users\Chris\Desktop\jre-7u21-windows-i586.exe [2013/06/08 12:36:34 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/06/06 22:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/06/06 06:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013/06/06 06:55:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\mbar [2013/06/05 20:35:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\MigWiz [2013/06/03 07:49:07 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013/06/03 07:49:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013/06/03 00:28:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/06/03 00:28:40 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/06/03 00:28:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/06/03 00:28:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/06/03 00:27:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013/06/03 00:27:52 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013/06/03 00:27:52 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013/06/03 00:27:52 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013/06/03 00:26:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/03 00:26:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/03 00:26:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/03 00:26:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/03 00:26:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/03 00:26:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/03 00:26:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/03 00:26:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/03 00:26:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/03 00:26:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/03 00:26:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/03 00:26:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/03 00:26:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/03 00:26:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/03 00:26:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/06/03 00:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/06/03 00:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/06/02 17:56:28 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/06/02 17:56:28 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013/06/02 17:56:27 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/06/02 17:56:27 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/06/02 17:56:02 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013/06/02 17:56:02 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013/06/02 17:56:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013/06/02 17:55:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/06/02 17:55:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/06/02 17:55:53 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/06/02 17:55:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/06/02 17:55:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/06/02 17:55:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/06/02 17:55:09 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013/06/02 17:55:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/06/02 17:55:08 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/06/02 17:55:08 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013/06/02 17:54:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013/06/02 17:54:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013/06/02 17:54:42 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/06/02 17:54:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013/06/02 17:54:30 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013/06/02 17:54:30 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013/06/02 17:54:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013/06/02 17:54:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013/06/02 17:54:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013/06/02 17:52:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013/06/02 17:52:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013/06/02 17:52:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/06/02 17:52:19 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013/06/02 17:52:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/06/02 17:52:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/06/02 17:52:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/06/02 17:52:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/06/02 17:52:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/06/02 17:52:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/06/02 17:51:53 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013/06/02 17:51:47 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/06/02 17:51:45 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2013/06/02 17:51:45 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/06/02 17:51:32 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/06/02 17:51:31 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/06/02 17:51:31 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/06/02 17:51:31 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/06/02 17:51:31 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/06/02 17:51:31 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/06/02 17:51:31 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/06/02 17:51:31 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/06/02 17:51:31 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/06/02 17:51:30 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/06/02 17:51:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/06/02 17:51:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/06/02 17:51:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/06/02 17:51:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/06/02 17:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/06/02 17:51:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/06/02 17:51:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/06/02 17:51:29 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/06/02 17:51:29 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/06/02 17:51:29 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/06/02 17:51:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/06/02 17:51:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/06/02 17:51:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/06/02 17:51:28 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/06/02 17:51:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/06/02 17:51:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/06/02 17:51:25 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/06/02 17:51:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/06/02 17:51:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/06/02 17:51:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/06/02 17:51:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/06/02 17:51:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/06/02 17:49:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/06/02 17:49:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/06/02 17:49:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/06/02 17:49:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/06/02 17:49:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/06/02 17:49:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/06/02 17:49:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/06/02 17:49:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/06/02 17:49:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/06/02 17:49:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/06/02 17:49:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/06/02 17:49:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/06/02 17:49:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/06/02 17:49:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/06/02 17:49:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/06/02 17:49:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/06/02 17:49:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/06/02 17:49:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/06/02 17:49:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/06/02 17:49:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/06/02 17:49:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/06/02 17:49:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/06/02 17:49:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/06/02 17:49:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/06/02 17:49:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/06/02 17:49:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/06/02 17:49:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/06/02 17:49:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/06/02 17:49:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/06/02 17:49:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/06/02 17:49:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/06/02 17:49:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/06/02 17:49:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/06/02 17:49:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/06/02 17:49:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/06/02 17:49:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/06/02 17:49:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/06/02 17:49:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/06/02 17:49:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/06/02 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/06/02 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/06/02 17:48:32 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013/06/02 17:48:32 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013/06/02 17:43:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/06/02 17:43:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/06/02 17:43:09 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/06/02 17:42:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2013/06/02 17:42:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2013/06/02 17:42:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2013/06/02 17:42:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2013/06/02 17:42:41 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013/06/02 17:42:38 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/06/02 17:42:37 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/06/02 17:42:37 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/06/02 17:42:36 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/06/02 17:42:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/06/02 17:42:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/06/02 17:42:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2013/06/02 16:04:49 | 005,078,669 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe [2013/06/02 16:04:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/06/02 16:04:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/06/02 16:04:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/06/02 16:04:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/02 16:04:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/06/02 09:02:14 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles [2013/05/30 16:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks [2013/05/30 16:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2013/05/30 16:37:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013/05/30 16:37:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013/05/30 16:37:40 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013/05/30 16:37:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013/05/30 16:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it [2013/05/30 16:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FTDownloader.com [2013/05/24 13:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows [2013/05/24 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell [2013/05/24 13:02:06 | 000,000,000 | ---D | C] -- C:\found.001 [2013/05/23 07:15:54 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013/05/22 23:25:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics [2013/05/22 22:48:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\KB0681071 [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/08 13:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2013/06/08 13:58:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/08 13:51:36 | 000,727,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/06/08 13:51:36 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/06/08 13:51:36 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/06/08 13:50:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/08 13:50:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/08 13:09:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/08 13:09:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/08 13:03:27 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/06/08 13:03:25 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/06/08 13:03:25 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/06/08 13:03:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/06/08 13:03:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/06/08 13:00:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/08 13:00:15 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys [2013/06/08 12:47:33 | 031,666,592 | ---- | M] (Oracle Corporation) -- C:\Users\Chris\Desktop\jre-7u21-windows-i586.exe [2013/06/08 12:33:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/06/08 12:17:37 | 005,078,669 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe [2013/06/06 15:36:05 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/06/03 08:03:05 | 000,348,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/06/02 01:53:00 | 000,000,004 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\skype.ini [2013/05/30 20:46:37 | 000,001,051 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/05/30 20:46:09 | 000,001,019 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk [2013/05/27 04:58:02 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013/05/27 04:57:04 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013/05/23 07:16:04 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/05/23 07:16:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/05/23 07:15:54 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013/05/23 07:14:48 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/03 07:49:10 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/06/03 00:27:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013/06/02 16:04:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/06/02 16:04:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/06/02 16:04:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/06/02 16:04:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/06/02 16:04:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/06/02 00:15:34 | 000,000,004 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\skype.ini [2013/05/30 16:37:40 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013/03/16 22:24:16 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp [2013/03/16 22:24:01 | 000,302,806 | ---- | C] () -- C:\ProgramData\1.jpg [2013/01/17 18:38:47 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat [2012/08/12 21:04:17 | 000,003,584 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/10 21:58:52 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011/12/24 22:06:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/07/01 20:40:00 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/23 23:15:36 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/06/23 23:15:34 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/06/23 23:15:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011/06/23 21:05:51 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll ========== ZeroAccess Check ========== [2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L [2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U [2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Erica\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L [2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Erica\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U [2013/05/24 13:37:15 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
-
I did all he requested Java actions, uninstalling old versions, installing new version, and removing all downloaded apps and applets from cache. I have no idea what you mean by DDS though. I looked at all the posts in this topic, and I don't believe you asked me to run this before. Please advise. Thanks. Did you mean this? http://www.bleepingcomputer.com/download/dds/
-
ComboFix log: ComboFix 13-06-08.01 - Chris 06/08/2013 12:20:06.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4134 [GMT -4:00] Running from: c:\users\Chris\Desktop\ComboFix.exe Command switches used :: c:\users\Chris\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Chris\Downloads\als.zip.exe" "c:\users\Chris\Downloads\The_Chipmunks_and_The_Chipettes_-_Alvin_And_The_Chipmunks_Chipwrecked_(Soundtrack)_(2011)_320kbps.exe" "c:\users\Chris\Downloads\The_Ocean_-_Pelagial_[instrumental]_2013.zip.exe" "c:\users\Erica\Downloads\Mr_Eaves.exe" "c:\users\Erica\Pictures\Braves V Angels.exe" "c:\windows\Installer\47caaa.msi" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Yontoo c:\program files (x86)\Yontoo\OptChrome.exe c:\program files (x86)\Yontoo\YontooIEClient.dll c:\program files (x86)\Yontoo\YontooLayers.crx c:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll c:\programdata\PCDr\6261\AddOnDownloaded\1ea63693-456f-437c-857f-522df77e7357.dll c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll c:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll c:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll c:\programdata\PCDr\6261\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dll c:\programdata\PCDr\6261\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dll c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll c:\programdata\PCDr\6261\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll c:\programdata\Tarma Installer c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico . . ((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 ))))))))))))))))))))))))))))))) . . 2013-06-08 16:33 . 2013-06-08 16:33 -------- d-----w- c:\users\Matthew\AppData\Local\temp 2013-06-08 16:33 . 2013-06-08 16:33 -------- d-----w- c:\users\Erica\AppData\Local\temp 2013-06-08 16:33 . 2013-06-08 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-08 16:26 . 2013-06-08 16:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF90C02-0041-4015-8B99-4C30805856D0}\offreg.dll 2013-06-08 01:51 . 2013-05-14 05:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF90C02-0041-4015-8B99-4C30805856D0}\mpengine.dll 2013-06-07 02:09 . 2013-06-07 02:09 -------- d-----w- c:\program files (x86)\ESET 2013-06-06 10:57 . 2013-06-06 12:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-06-06 00:35 . 2013-06-06 00:35 -------- dc----w- c:\users\Chris\AppData\Local\MigWiz 2013-06-03 22:37 . 2013-06-08 12:55 -------- d-----r- c:\users\Erica\Dropbox 2013-06-03 22:32 . 2013-06-08 12:55 -------- d-----w- c:\users\Erica\AppData\Roaming\Dropbox 2013-06-03 11:49 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2013-06-03 11:49 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-06-03 11:49 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-06-03 11:49 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-06-03 04:30 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-06-03 04:30 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-03 04:30 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-06-03 04:28 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-06-03 04:28 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-06-03 04:28 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-06-03 04:28 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-06-03 04:27 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-06-03 04:27 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-06-03 04:27 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-06-03 04:27 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-06-03 04:27 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-06-03 04:27 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-06-03 04:27 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-06-03 04:24 . 2013-06-03 04:24 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-06-02 21:56 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-06-02 21:56 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-06-02 21:56 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-06-02 21:56 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-06-02 21:56 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-02 21:56 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2013-06-02 21:56 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2013-06-02 21:56 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2013-06-02 21:56 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2013-06-02 21:54 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-06-02 21:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2013-06-02 21:52 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2013-06-02 21:52 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-06-02 21:52 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-06-02 21:52 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2013-06-02 21:52 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-06-02 21:52 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-06-02 21:52 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-06-02 21:52 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-06-02 21:52 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-06-02 21:52 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-06-02 21:52 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-06-02 21:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2013-06-02 21:48 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2013-06-02 21:48 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2013-06-02 21:48 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2013-06-02 21:43 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-02 21:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-02 21:43 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-02 21:43 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-02 21:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-02 21:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-02 21:43 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-06-02 13:02 . 2013-06-02 13:02 -------- d-sh--w- C:\$$PendingFiles 2013-05-30 20:38 . 2013-05-30 20:38 -------- d-----w- c:\program files\Updater By SweetPacks 2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\program files (x86)\SweetIM 2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\windows\SysWow64\jmdp 2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\windows\SysWow64\ARFC 2013-05-30 20:37 . 2013-05-27 08:58 1447728 ----a-w- c:\windows\system32\dmwu.exe 2013-05-30 20:37 . 2013-05-27 08:57 33792 ----a-w- c:\windows\system32\ImHttpComm.dll 2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\windows\SysWow64\WNLT 2013-05-30 20:36 . 2013-05-30 20:36 -------- d-----w- c:\program files (x86)\Gophoto.it 2013-05-30 20:36 . 2013-05-30 20:36 -------- d-----w- c:\users\Erica\AppData\Local\PutLockerDownloader 2013-05-30 20:35 . 2013-05-30 20:36 -------- d-----w- c:\program files (x86)\FTDownloader.com 2013-05-29 22:33 . 2013-05-29 22:33 -------- d-----w- c:\users\Matthew\AppData\Roaming\Unity 2013-05-29 22:24 . 2013-05-29 22:24 -------- d-----w- c:\users\Matthew\AppData\Local\Google 2013-05-24 17:46 . 2013-05-24 17:46 -------- d-----w- c:\programdata\PC-Doctor for Windows 2013-05-24 17:45 . 2013-05-24 17:46 -------- d-----w- c:\program files\My Dell 2013-05-24 17:02 . 2013-05-24 17:02 -------- d-----w- C:\found.001 2013-05-23 11:15 . 2013-05-23 11:15 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-05-23 03:25 . 2013-05-23 03:25 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics 2013-05-23 02:48 . 2013-05-23 05:38 -------- d-----w- c:\users\Chris\AppData\Local\KB0681071 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-23 11:16 . 2012-04-15 22:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-23 11:16 . 2011-07-10 05:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-23 11:04 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-03 20:15 . 2011-07-02 13:58 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-02 06:06 . 2012-03-12 13:05 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-06-02 21:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-02 21:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-02 21:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-02 21:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-02 21:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-02 21:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-04 18:50 . 2011-07-02 00:32 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] 2013-05-16 15:11 169304 ----a-w- c:\program files\Updater By SweetPacks\Extension32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-08 21:40 1362320 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2013-04-03 20:06 1310480 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-04-03 1310480] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056] "Spotify Web Helper"="c:\users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-08 1105408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-07-01 560128] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184] . c:\users\Erica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968] Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968] Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-06 19:34 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:16] . 2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:11] . 2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] 2013-05-16 15:11 211288 ----a-w- c:\program files\Updater By SweetPacks\Extension64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="GUI64.EXE -S" [X] "IntelWireless"="TEL WIRELESS TRAY" [X] "IgfxTray"="DOWS\SYSTEM32\IGFXTRAY.EXE" [bU] "HotKeysCmds"="DOWS\SYSTEM32\HKCMD.EXE" [bU] "Persistence"="DOWS\SYSTEM32\IGFXPERS.EXE" [bU] "Apoint"="T.EXE" [bU] "BTMTrayAgent"="TEL\BLUETOOTH\BTMSHELL.DLL" [bU] "IntelTBRunOnce"="CE.VBS" [bU] "AdobeAAMUpdater-1.0"="FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" [bU] "CanonMyPrinter"="TER\BJMYPRT.EXE" [bU] "Zune Launcher"="CHER.EXE" [bU] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 360448] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/?ilc=1 mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={B71BA356-C968-11E2-8BD2-BC7737D919B1} mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-08 12:36:33 ComboFix-quarantined-files.txt 2013-06-08 16:36 ComboFix2.txt 2013-06-02 20:27 . Pre-Run: 509,353,512,960 bytes free Post-Run: 509,518,036,992 bytes free . - - End Of File - - 95343C47AD2B8766AB9BCE74E65553C5
-
Here are the results of my ESET scan: C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Laplink\PCmover\ThirdParty\registrybooster.exe a variant of Win32/RegistryBooster application C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application C:\Program Files (x86)\Yontoo\YontooLayers.crx JS/Adware.Yontoo.A application C:\ProgramData\Ask\APN-Stub\AD5\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Users\All Users\Ask\APN-Stub\AD5\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\background.html JS/Adware.Yontoo.A application C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js JS/Adware.Yontoo.A application C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\19ee7440-3579f38d Java/Exploit.CVE-2013-1493.BW trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4b5453c1-19af002a multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6f42b481-147de5ec multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\16601d8b-57465f82 a variant of Java/Exploit.Agent.NNO trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4bd38dcc-6af95390 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\663aeecd-2cf538cc multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3b6f9091-1571defc multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3d09bd11-562831cf multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7e620e12-18004505 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\346f9b53-6599841d multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\43a4c753-3050323a multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\f2d8902-3205aefa a variant of Java/Exploit.Agent.NNO trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\47def655-7e7dbb26 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4a95bc15-3d18b07e a variant of Java/Exploit.Agent.NNO trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6039d19c-3a8f89a2 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\19fd8761-4e4255cb multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\20b961e3-6b46e540 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4a171de5-28ee3147 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3ff6c26a-3c8e8ea5 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\5987936d-5ee499fc multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\5344892e-2dd6d32c multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6f21772f-3e0ad38a a variant of Java/Exploit.CVE-2012-1723.CF trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\390aee05-333164cc multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\631a8e35-21795eed multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2ac015b6-704cc66a multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5a8b9fb7-2c8f75bc a variant of Java/Exploit.CVE-2013-1493.CT trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\79444bb8-11945552 a variant of Java/Exploit.Agent.OFX trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\e44007b-4a7d3d9f multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\729ff446-1a59fbdf multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\e805506-18ff628d multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\38e9d3bd-227a68a2 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5c4fcbfd-2c86f015 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6db31bfd-33a4b99e multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6eeed6bd-4aaf5904 a variant of Java/Exploit.CVE-2013-0422.CF trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\43cfc33e-7de11d97 a variant of Java/Exploit.Agent.NEA trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\666ba8bf-7b1222e1 Java/Exploit.Agent.NQR trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7d7d71bf-79f22ef3 Java/Exploit.Agent.NUY trojan C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\5abcbf47-2d1015ca multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7749ab48-270e1c09 multiple threats C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\a46d9c9-1c27c119 multiple threats C:\Users\Chris\AppData\Roaming\Java\Update\Download\Cache\check_update.bat BAT/CoinMiner.AX trojan C:\Users\Chris\AppData\Roaming\Java\Update\Download\Cache\csrss.exe a variant of Win32/BitCoinMiner.N application C:\Users\Chris\Downloads\als.zip.exe Win32/InstalleRex.J application C:\Users\Chris\Downloads\The_Chipmunks_and_The_Chipettes_-_Alvin_And_The_Chipmunks_Chipwrecked_(Soundtrack)_(2011)_320kbps.exe Win32/Adware.1ClickDownload.AJ application C:\Users\Chris\Downloads\The_Ocean_-_Pelagial_[instrumental]_2013.zip.exe Win32/InstalleRex.I application C:\Users\Erica\AppData\Local\Downloaded Installations\{1975FDD5-4BDD-4257-8D27-D8A4DA128159}\PCmover Professional.msi multiple threats C:\Users\Erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\background.html JS/Adware.Yontoo.A application C:\Users\Erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js JS/Adware.Yontoo.A application C:\Users\Erica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\16591df8-2cf2d657 multiple threats C:\Users\Erica\Downloads\Mr_Eaves.exe Win32/Adware.1ClickDownload.G application C:\Users\Erica\Downloads\Mr_Eaves.rar Win32/Adware.1ClickDownload.G application C:\Users\Erica\Downloads\mr_eaves_font_free_download_downloader_386.exe a variant of Win32/YourFileDownloader application C:\Users\Erica\Pictures\Braves V Angels.exe Win32/Toolbar.SearchSuite application C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\background.html JS/Adware.Yontoo.A application C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js JS/Adware.Yontoo.A application C:\Windows\Installer\47caaa.msi multiple threats
-
Thanks. Hopefully its done when I get home.
-
I followed the above directions by running IE as an admin, turning off my McAfee real time scanner, and then running the online scanner from ESET with all of your specific configurations. However, it has now been running for the past 8.5 hours and is still only 48% complete! So far, it has found 66 total infected files. I have to go to work in about 1 hour and 15 minutes, if you read this before then, please let me know if I should continue with this scan or stop it so I can give you whatever logs it provides before I go to work. If not, I'll have to let it continue to run while I'm at work (instructing my wife not to stop it) and I won't be able to give you a log until tonight (if it is even done by then). Is it normal for it to take this long to scan???
-
Please advise what to do next, if anything. If I appear to be clean, let me know. Thanks.
-
FYI. Everything appears to be working fine after running MBAR. Here is the log for my Farbar Service Scanner scan: Farbar Service Scanner Version: 31-05-2013 01 Ran by Chris (administrator) on 06-06-2013 at 08:13:08 Running from "C:\Users\Chris\Downloads" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
-
Here is the system-log.txt: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.292000 GHz Memory total: 6352453632, free: 4717084672 Downloaded database version: v2013.06.06.02 Downloaded database version: v2013.05.22.01 Initializing... ------------ Kernel report ------------ 06/06/2013 06:57:59 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETwNs64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\Apfiltr.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\WDKMD.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\iBtFltCoex.sys \SystemRoot\system32\DRIVERS\btmhsf.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\CtClsFlt.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\btmaux.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\TurboB.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \SystemRoot\system32\drivers\mfeapfk.sys \SystemRoot\system32\drivers\cfwids.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imm32.dll \Windows\System32\urlmon.dll \Windows\System32\ole32.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007e9e060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800633a050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007d05b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800633a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7F2837E Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 208782 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 208896 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30928896 Numsec = 1219332784 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)... Done! Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@ --> [backdoor.0Access] Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L --> [backdoor.0Access] Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\201d3dde --> [backdoor.0Access] Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U --> [backdoor.0Access] Scan finished Creating System Restore point... Cleaning up... Executing an action fixdamage.exe... Success! Queuing an action fixdamage.exe Removal successful. No system shutdown is required. ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_208896_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.292000 GHz Memory total: 6352453632, free: 4507885568 Initializing... ------------ Kernel report ------------ 06/06/2013 07:25:15 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETwNs64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\Apfiltr.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\WDKMD.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\iBtFltCoex.sys \SystemRoot\system32\DRIVERS\btmhsf.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\CtClsFlt.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\btmaux.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\TurboB.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \SystemRoot\system32\drivers\cfwids.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Windows\system32\drivers\mbamchameleon.sys \SystemRoot\system32\drivers\mfeapfk.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imm32.dll \Windows\System32\urlmon.dll \Windows\System32\ole32.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007e9e060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800633a050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007d05b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800633a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 7F2837E Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 208782 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 208896 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30928896 Numsec = 1219332784 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 640135028736 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)... Done! Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_208896_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished
-
Here is the log for my 2nd MBAR scan, which came back clean: Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.06.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Chris :: LAPTOP [administrator] 6/6/2013 7:25:19 AM mbar-log-2013-06-06 (07-25-19).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 298448 Time elapsed: 17 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)