irdanoob

  1. Just letting you know: every time I start up, after explorer.exe loads it closes, makes the "logout.wav" noise, then reshells itself...
  2. ESET
     C:\Sandbox\M6400_Owner\DefaultBox\user\current\AppData\Local\Temp\hhcbrnaff.exe    Win32/TrojanDownloader.Small.AAB trojan
     C:\Users\M6400 Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IH9LVB0\JDownloaderSetup_CH3[1].exe    a variant of Win32/InstallCore.CU application
     C:\Users\M6400 Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLOPO18X\JDownloader2Setup[1].exe    a variant of Win32/InstallCore.CF application
     C:\Users\M6400 Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X2OTDXVP\JDownloader2Setup[1].exe    a variant of Win32/InstallCore.CF application
     C:\Users\M6400 Owner\Downloads\Unlocker1.9.2.exe    a variant of Win32/Toolbar.Babylon.E application
  3. # AdwCleaner v3.007 - Report created 12/10/2013 at 05:21:39
     # Updated 09/10/2013 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : M6400 Owner - BOX
     # Running from : C:\Users\M6400 Owner\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****
     Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
     Key Found : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
     Key Found : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
     Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
     Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}

     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16720
     -\\ Mozilla Firefox v24.0 (en-US)
     [ File : C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\prefs.js ]
     -\\ Google Chrome v30.0.1599.69
     [ File : C:\Users\M6400 Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************
     AdwCleaner[R0].txt - [1717 octets] - [12/10/2013 05:21:39]
     ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1777 octets] ##########
  4. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.4 (10.06.2013:1)
     OS: Windows 7 Professional x64
     Ran by M6400 Owner on Sat 10/12/2013 at 5:13:25.09
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\smbarbroker.exe
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\smbarbroker.smbardealer
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\smbarbroker.smbardealer.1

     ~~~ Files

     ~~~ Folders
     Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"

     ~~~ FireFox
     Successfully deleted the following from C:\Users\M6400 Owner\AppData\Roaming\mozilla\firefox\profiles\l8h1ckbj.default\prefs.js
     user_pref("extensions.seoquake.params.370.icon", "AAABAAEAEBAAAAAAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAD///8B////Af///wHp6en/ubm5/4ODg/+JiYn/YmJi/
     Emptied folder: C:\Users\M6400 Owner\AppData\Roaming\mozilla\firefox\profiles\l8h1ckbj.default\minidumps [19 files]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sat 10/12/2013 at 5:19:27.48
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. Not sure if this matters, but I have 2 drives in this laptop: my primary (one I'm in now is an SSD) that I cloned my HDD to.

     Malwarebytes Anti-Rootkit BETA 1.07.0.1007
     www.malwarebytes.org
     Database version: v2013.10.12.07
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16721
     M6400 Owner :: BOX [administrator]
     10/12/2013 5:05:06 AM
     mbar-log-2013-10-12 (05-05-06).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 250686
     Time elapsed: 4 minute(s), 29 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     Physical Sectors Detected: 0 (No malicious items detected)
     (end)

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.07.0.1007
     © Malwarebytes Corporation 2011-2012
     OS version: 6.1.7601 Windows 7 Service Pack 1 x64
     Account is Administrative
     Internet Explorer version: 10.0.9200.16721
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
     CPU speed: 2.793000 GHz
     Memory total: 12872232960, free: 10293780480
     Downloaded database version: v2013.10.12.07
     Downloaded database version: v2013.10.11.02
     =======================================
     Initializing...
     ------------ Kernel report ------------
     10/12/2013 05:05:03
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xfffffa800b2da060
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IAAStorageDevice-2\
     Lower Device Object: 0xfffffa800a16b050
     Lower Device Driver Name: \Driver\iaStorV\
     <<<2>>>
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xfffffa800b2da060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xfffffa800b2d9470, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xfffffa800b2da060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xfffffa800a16b050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStorV\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
     <<<2>>>
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: D2547956

     Partition information:

     Partition 0 type is Primary (0x7)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 2048 Numsec = 204800

     Partition 1 type is Primary (0x7)
     Partition is ACTIVE.
     Partition starts at LBA: 206848 Numsec = 468649984
     Partition file system is NTFS
     Partition is bootable

     Partition 2 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0

     Partition 3 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0

     Disk Size: 240057409536 bytes
     Sector size: 512 bytes

     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-468842128-468862128)...
     Done!
     Scan finished
     =======================================

     Removal queue found; removal started
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...
     Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
     Removal finished
  6. ComboFix 13-10-12.01 - M6400 Owner 10/12/2013 8:14.7.2 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12276.10295 [GMT -4:00]
     Running from: c:\users\M6400 Owner\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\M6400 Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\M6400 Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\M6400 Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\M6400 Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-12 2722080] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-08-16 487424] "ClipX"="c:\program files\ClipX\clipx.exe" [2008-07-28 423424] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: dell.com TCP: DhcpNameServer = 192.168.200.1 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB}: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB}\85: NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB}\D4: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\ FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2013-09-24 22:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-09-24 22:15; firebug@software.joehewitt.com; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\firebug@software.joehewitt.com.xpi FF - ExtSQL: 2013-09-24 22:15; elemhidehelper@adblockplus.org; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\elemhidehelper@adblockplus.org.xpi FF - ExtSQL: 2013-09-24 22:15; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF - ExtSQL: 2013-09-24 22:16; {f3f219f9-cbce-467e-b8fe-6e076d29665c}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c} FF - ExtSQL: 2013-09-24 22:16; {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} FF - ExtSQL: 2013-09-24 22:16; 
{6AC85730-7D0F-4de0-B3FA-21142DD85326}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} FF - ExtSQL: 2013-09-24 22:16; {4093c4de-454a-4329-8aff-c6b0b123c386}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi FF - ExtSQL: 2013-09-24 22:16; zoompage@DW-dev; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\zoompage@DW-dev.xpi FF - ExtSQL: 2013-09-24 22:16; support@lastpass.com; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\support@lastpass.com FF - ExtSQL: 2013-09-24 22:16; savesession@noasobi.net; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\savesession@noasobi.net.xpi FF - ExtSQL: 2013-09-24 22:16; firebug@tools.sitepoint.com; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\firebug@tools.sitepoint.com.xpi FF - ExtSQL: 2013-09-24 22:16; colorPicker@colorPicker; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\colorPicker@colorPicker.xpi FF - ExtSQL: 2013-09-24 22:16; adblockpopups@jessehakanen.net; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\adblockpopups@jessehakanen.net.xpi FF - ExtSQL: 2013-09-26 20:45; LogMeInClient@logmein.com; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\LogMeInClient@logmein.com FF - ExtSQL: 2013-10-08 15:04; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} FF - ExtSQL: 2013-10-09 14:42; lmnPopVideo@lshai.com; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\lmnPopVideo@lshai.com.xpi FF - ExtSQL: 2013-10-09 14:45; 
{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi FF - ExtSQL: 2013-10-11 06:17; translator@dontfollowme.net; c:\users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\translator@dontfollowme.net.xpi . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-10-12 08:21:43 ComboFix-quarantined-files.txt 2013-10-12 12:21 ComboFix2.txt 2013-10-11 18:41 ComboFix3.txt 2013-10-11 16:31 . Pre-Run: 35,310,129,152 bytes free Post-Run: 35,242,704,896 bytes free . - - End Of File - - 1CFBB26CA177E0F4A4314576CCAB912B A36C5E4F47E84449FF07ED3517B43A31
  7. RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : M6400 Owner [Admin rights]
     Mode : Scan -- Date : 10/11/2013 23:20:11
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 7 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Standard disk drives) - ST9160412ASG +++++
     --- User ---
     [MBR] 605c93f6b277222eb333ff6581222ec9
     [bSP] bf168f689abbea15aa8120bb936218f1 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152523 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[0]_S_10112013_232011.txt >>
  8. Hi! really appreciate what you guys do here. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.40.2 Run by M6400 Owner at 23:06:48 on 2013-10-11 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12276.10378 [GMT -4:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update 
Core\daemonu.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\ClipX\clipx.exe C:\Users\M6400 Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Users\M6400 Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\ShareX\ShareX.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\explorer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\splwow64.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [spotify Web Helper] "C:\Users\M6400 Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19E04D0M05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 uRun: [Facebook Update] "C:\Users\M6400 Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\M6400O~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\M6400 Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\M6400O~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ShareX.lnk - C:\Program Files\ShareX\ShareX.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: 
ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-Windows\System: UseOEMBackground = dword:1 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: dell.com TCP: NameServer = 192.168.200.1 TCP: Interfaces\{1E70715E-FF5B-4D35-9E5A-F74FB53C6597} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB} : DHCPNameServer = 192.168.200.1 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB}\85 : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB}\85 : DHCPNameServer = 192.168.15.1 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB}\D4 : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{87DA3285-F760-43F9-83D5-32193B72A3DB}\D4 : DHCPNameServer = 192.168.6.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser 
Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [ClipX] C:\Program Files\ClipX\clipx.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\ FF - prefs.js: browser.startup.homepage - about:home FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Users\M6400 Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-09-24 22:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-09-24 22:15; firebug@software.joehewitt.com; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\firebug@software.joehewitt.com.xpi FF - ExtSQL: 2013-09-24 22:15; elemhidehelper@adblockplus.org; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\elemhidehelper@adblockplus.org.xpi FF - ExtSQL: 2013-09-24 22:15; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF - ExtSQL: 2013-09-24 22:16; 
{f3f219f9-cbce-467e-b8fe-6e076d29665c}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c} FF - ExtSQL: 2013-09-24 22:16; {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} FF - ExtSQL: 2013-09-24 22:16; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} FF - ExtSQL: 2013-09-24 22:16; {4093c4de-454a-4329-8aff-c6b0b123c386}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi FF - ExtSQL: 2013-09-24 22:16; zoompage@DW-dev; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\zoompage@DW-dev.xpi FF - ExtSQL: 2013-09-24 22:16; support@lastpass.com; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\support@lastpass.com FF - ExtSQL: 2013-09-24 22:16; savesession@noasobi.net; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\savesession@noasobi.net.xpi FF - ExtSQL: 2013-09-24 22:16; firebug@tools.sitepoint.com; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\firebug@tools.sitepoint.com.xpi FF - ExtSQL: 2013-09-24 22:16; colorPicker@colorPicker; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\colorPicker@colorPicker.xpi FF - ExtSQL: 2013-09-24 22:16; adblockpopups@jessehakanen.net; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\adblockpopups@jessehakanen.net.xpi FF - ExtSQL: 2013-09-26 20:45; LogMeInClient@logmein.com; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\LogMeInClient@logmein.com FF - ExtSQL: 
2013-10-08 15:04; {317B5128-0B0B-49b2-B2DB-1E7560E16C74}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - ExtSQL: 2013-10-09 14:42; lmnPopVideo@lshai.com; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\lmnPopVideo@lshai.com.xpi
FF - ExtSQL: 2013-10-09 14:45; {E6C93316-271E-4b3d-8D7E-FE11B4350AEB}; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
FF - ExtSQL: 2013-10-11 06:17; translator@dontfollowme.net; C:\Users\M6400 Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l8h1ckbj.default\extensions\translator@dontfollowme.net.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-9-13 53488]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-9-13 89600]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-3-24 1039776]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-3-24 31136]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-29 14997280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-9-26 5087584]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-9-13 172032]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2009-11-3 38440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-29 39200]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-10-11 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-10-11 9800]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-24 1255736]
.
=============== Created Last 30 ================
.
2013-10-11 19:14:28 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\WindSolutions
2013-10-11 19:14:19 -------- d-----w- C:\ProgramData\WindSolutions
2013-10-11 19:07:23 9800 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2013-10-11 19:07:23 9160 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2013-10-11 19:07:23 87112 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2013-10-11 19:07:23 3376640 ----a-w- C:\Windows\System32\BootMan.exe
2013-10-11 19:07:23 3316736 ----a-w- C:\Windows\System32\¸´¼þ BootMan.exe
2013-10-11 19:07:23 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe
2013-10-11 19:07:23 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2013-10-11 19:07:23 17480 ----a-w- C:\Windows\System32\epmntdrv.sys
2013-10-11 19:07:23 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2013-10-11 19:07:23 14920 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2013-10-11 19:07:23 100936 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2013-10-11 19:07:18 -------- d-----w- C:\Program Files (x86)\EaseUS
2013-10-11 18:41:52 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-11 18:32:56 98816 ----a-w- C:\Windows\sed.exe
2013-10-11 18:32:56 256000 ----a-w- C:\Windows\PEV.exe
2013-10-11 18:32:56 208896 ----a-w- C:\Windows\MBR.exe
2013-10-11 16:40:02 -------- d-----w- C:\Program Files\Unlocker
2013-10-11 10:52:51 -------- d-----w- C:\Users\M6400 Owner\.seospyglass
2013-10-11 10:51:56 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-10-11 10:22:04 -------- d-----w- C:\Program Files\HitmanPro
2013-10-11 10:21:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-10-09 14:03:51 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-10-08 20:23:49 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\ClipX
2013-10-08 20:23:48 -------- d-----w- C:\Program Files\ClipX
2013-10-08 20:13:57 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\ComfortSoftware
2013-10-08 15:10:56 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\Jumping Bytes
2013-10-08 14:50:43 -------- d-----w- C:\Program Files (x86)\Submit Suite
2013-10-08 14:47:04 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\JonathanLeger.com
2013-10-08 14:46:02 -------- d-----w- C:\Program Files (x86)\TheBestSpinner3
2013-10-07 18:08:30 -------- d-----r- C:\Sandbox
2013-10-07 18:06:59 -------- d-----w- C:\Program Files\Sandboxie
2013-10-07 12:26:43 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\WinPatrol
2013-10-07 04:07:01 -------- d-----w- C:\Users\M6400 Owner\.thumbnails
2013-10-07 03:33:26 -------- d-----w- C:\Program Files\Blender Foundation
2013-10-06 23:50:48 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-10-06 23:50:20 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-10-06 23:50:20 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-10-06 23:50:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-10-06 23:50:20 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-10-06 23:50:20 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-10-06 23:46:47 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-10-06 23:46:47 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-10-06 02:41:40 -------- d-----w- C:\video_output
2013-10-06 02:26:06 -------- d-----w- C:\Program Files (x86)\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2013-10-05 20:33:39 73728 ----a-r- C:\Users\M6400 Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-10-05 20:33:39 73728 ----a-r- C:\Users\M6400 Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-10-05 20:33:39 73728 ----a-r- C:\Users\M6400 Owner\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-10-05 19:46:22 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99232B8C-201F-474A-9075-933AC1DCD5CB}\mpengine.dll
2013-10-05 19:02:31 -------- d-----w- C:\ProgramData\xml_param
2013-10-05 18:55:20 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2013-10-05 18:54:57 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Wondershare
2013-10-05 18:54:56 -------- d-----w- C:\Program Files\Common Files\Wondershare
2013-10-05 18:54:38 -------- d-----w- C:\ProgramData\Wondershare Video Converter Pro
2013-10-05 18:54:31 -------- d-----w- C:\Program Files (x86)\Wondershare
2013-10-05 01:07:39 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Broadcom
2013-10-05 01:04:50 -------- d-----w- C:\Program Files\WIDCOMM
2013-10-04 20:57:34 -------- d-----w- C:\ProgramData\Sophos
2013-10-04 20:57:22 -------- d-----w- C:\Program Files (x86)\Sophos
2013-10-04 19:20:09 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\Malwarebytes
2013-10-04 19:20:04 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-04 19:20:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 21:15:42 -------- d-----w- C:\Program Files (x86)\Steam
2013-10-03 16:51:34 -------- d-----w- C:\ProgramData\XDMessaging
2013-10-03 14:51:04 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\SENukeX
2013-10-03 14:50:58 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\SENukeXUpdateConfig
2013-10-01 23:22:24 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-10-01 23:13:25 -------- d-----w- C:\Program Files\PeerBlock
2013-09-30 17:54:35 -------- d-----w- C:\Temp
2013-09-30 17:54:09 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\DJJava
2013-09-30 17:53:41 -------- d-----w- C:\Program Files (x86)\decomp
2013-09-30 15:01:40 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\Hex-Rays
2013-09-30 14:59:38 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\NetBeans
2013-09-30 14:59:38 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\NetBeans
2013-09-30 14:56:07 -------- d-----w- C:\Program Files\glassfish-4.0
2013-09-30 14:52:11 -------- d-----w- C:\Program Files\NetBeans 7.3.1
2013-09-30 14:49:29 -------- d-----w- C:\Users\M6400 Owner\.nbi
2013-09-30 14:42:42 -------- d-----w- C:\Users\M6400 Owner\.jmc
2013-09-30 14:42:38 -------- d-----w- C:\Users\M6400 Owner\.eclipse
2013-09-30 14:42:23 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2013-09-30 14:42:22 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-30 14:42:19 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-30 14:37:22 -------- d-----w- C:\Users\M6400 Owner\.ce
2013-09-30 14:01:39 -------- d-----w- C:\Users\M6400 Owner\.linkassistant
2013-09-30 13:41:31 -------- d-----w- C:\Users\M6400 Owner\.websiteauditor
2013-09-30 13:36:25 -------- d-----w- C:\Program Files (x86)\Link-AssistantCom
2013-09-30 13:07:09 -------- d-----w- C:\ProgramData\Submit Suite
2013-09-30 13:06:15 -------- d-----w- C:\Program Files (x86)\Stealth Keyword Competition Analyzer
2013-09-30 12:54:55 -------- d-----w- C:\Program Files (x86)\Elcomsoft
2013-09-30 12:54:54 -------- d-----w- C:\ProgramData\Elcomsoft Password Recovery
2013-09-30 12:54:54 -------- d-----w- C:\Program Files (x86)\Elcomsoft Password Recovery
2013-09-30 11:25:05 -------- d-----r- C:\Users\M6400 Owner\Dropbox
2013-09-30 11:22:22 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\Dropbox
2013-09-30 01:13:53 -------- d-----w- C:\ProgramData\Avira
2013-09-30 01:12:19 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\qBittorrent
2013-09-30 01:12:09 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\qBittorrent
2013-09-30 01:07:46 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\HTML Executable
2013-09-30 01:03:58 -------- d-----w- C:\Program Files (x86)\qBittorrent
2013-09-30 00:19:54 -------- d-----w- C:\ProgramData\Steam
2013-09-30 00:15:59 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll
2013-09-30 00:13:18 -------- d-----w- C:\Windows\SysWow64\directx
2013-09-29 23:58:01 -------- d-----w- C:\Program Files (x86)\DmC Devil may Cry
2013-09-29 20:07:37 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\JDownloader v2.0
2013-09-29 19:48:57 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\NVIDIA
2013-09-29 19:28:03 -------- d-----w- C:\ProgramData\DriverReviver.exe
2013-09-29 19:26:30 -------- d-----w- C:\ProgramData\ReviverSoft
2013-09-29 19:26:29 -------- d-----w- C:\Program Files\ReviverSoft
2013-09-29 19:19:45 -------- d-----w- C:\ProgramData\DriverGenius
2013-09-29 19:18:26 -------- d-----w- C:\Program Files (x86)\Driver-Soft
2013-09-29 18:58:57 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-09-29 18:58:31 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-29 18:58:31 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-09-29 18:58:31 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-29 18:58:31 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-29 18:58:31 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-29 18:58:31 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-09-29 18:58:31 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-29 18:58:31 1042208 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-09-29 18:58:05 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-09-29 18:58:05 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-09-29 18:57:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-09-29 18:41:22 -------- d-----w- C:\NVIDIA
2013-09-29 18:35:38 1882104 ----a-w- C:\Windows\SysWow64\Codejock.Controls.v15.0.1.ocx
2013-09-29 18:35:38 110602 ----a-w- C:\Windows\SysWow64\xcdsfx32.bin
2013-09-29 18:35:37 526184 ----a-w- C:\Windows\SysWow64\XceedCry.dll
2013-09-29 18:35:37 456536 ----a-w- C:\Windows\SysWow64\XCEEDZIP.DLL
2013-09-29 18:35:37 152848 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx
2013-09-29 18:35:37 132880 ----a-w- C:\Windows\SysWow64\Msinet.ocx
2013-09-29 18:35:37 1081616 ----a-w- C:\Windows\SysWow64\Mscomctl.ocx
2013-09-29 18:35:37 -------- d-----w- C:\Program Files (x86)\Driver Magician
2013-09-28 23:08:43 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Facebook
2013-09-28 15:31:56 -------- d-----w- C:\Program Files\BreakPoint Software
2013-09-28 14:42:27 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\twitter
2013-09-28 14:41:29 862712 ----a-r- C:\Users\M6400 Owner\AppData\Roaming\Microsoft\Installer\{6848C97D-3728-4199-A70D-817E65D96ECC}\TweetDeck.exe
2013-09-28 14:41:28 -------- d-----w- C:\Program Files (x86)\Twitter
2013-09-28 04:06:03 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\Sublime Text 2
2013-09-28 04:04:25 -------- d-----w- C:\Program Files\Sublime Text 2
2013-09-28 02:53:38 -------- d-----w- C:\Program Files (x86)\JDownloader
2013-09-27 16:40:52 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\LogMeIn
2013-09-27 16:40:52 -------- d-----w- C:\ProgramData\LogMeIn
2013-09-27 14:22:04 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Apple Computer
2013-09-27 14:21:56 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-09-27 14:21:44 -------- d-----w- C:\Program Files\iPod
2013-09-27 14:21:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 14:21:43 -------- d-----w- C:\Program Files\iTunes
2013-09-27 14:21:43 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-27 14:21:08 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Apple
2013-09-27 14:18:02 -------- d-----w- C:\Program Files\Bonjour
2013-09-27 14:18:02 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-09-27 00:26:40 -------- d-----w- C:\Program Files (x86)\ClipX
2013-09-26 23:27:15 -------- d-----r- C:\Users\M6400 Owner\Google Drive
2013-09-26 18:00:39 208760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-26 17:29:36 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\TeamViewer
2013-09-26 17:28:38 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-09-26 16:08:00 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Diagnostics
2013-09-26 14:24:50 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\PowerISO
2013-09-26 14:24:24 126872 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2013-09-26 14:24:23 -------- d-----w- C:\Program Files (x86)\PowerISO
2013-09-26 14:21:08 119808 ----a-r- C:\Users\M6400 Owner\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-09-26 02:53:22 -------- d-----w- C:\Users\M6400 Owner\VirtualBox VMs
2013-09-26 02:46:18 -------- d-----w- C:\Downloads
2013-09-26 02:46:07 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\BitComet
2013-09-26 02:46:06 -------- d-----w- C:\Program Files\BitComet
2013-09-26 02:42:03 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\uTorrent
2013-09-26 02:38:56 -------- d-----w- C:\Users\M6400 Owner\.VirtualBox
2013-09-26 02:38:24 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-09-26 02:38:14 119056 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-09-26 00:36:44 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\.purple
2013-09-26 00:36:44 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\enchant
2013-09-26 00:36:37 -------- d-----w- C:\Program Files (x86)\pidgin-otr
2013-09-26 00:33:34 -------- d-----w- C:\Program Files (x86)\Pidgin
2013-09-25 17:55:23 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\http___www.julien-manici
2013-09-25 17:54:46 -------- d-----w- C:\Program Files (x86)\Julien MANICI
2013-09-25 13:36:16 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Macromedia
2013-09-25 13:27:57 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Google
2013-09-25 03:31:34 741480 ------w- C:\Windows\System32\HPDiscoPMa111.dll
2013-09-25 03:31:26 -------- d-----w- C:\Program Files (x86)\HP
2013-09-25 03:31:25 -------- d-----w- C:\Program Files\HP
2013-09-25 03:31:08 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\HP
2013-09-25 03:15:17 -------- d-----w- C:\Windows\AutoKMS
2013-09-25 03:14:16 -------- d-----w- C:\ProgramData\Microsoft Toolkit
2013-09-25 02:52:00 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2013-09-25 02:51:30 -------- d-----w- C:\Windows\PCHEALTH
2013-09-25 02:51:30 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-25 02:47:36 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-09-25 02:45:38 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-09-25 02:45:38 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-09-25 02:42:33 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Microsoft Help
2013-09-25 02:38:23 -------- d-----w- C:\Program Files\ShareX
2013-09-25 02:33:59 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Deployment
2013-09-25 02:33:59 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Apps
2013-09-25 02:19:52 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Spotify
2013-09-25 02:19:33 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\Spotify
2013-09-25 02:13:25 -------- d-----r- C:\Program Files (x86)\Skype
2013-09-24 15:20:15 -------- d-----w- C:\Windows\SysWow64\Wat
2013-09-24 15:20:14 -------- d-----w- C:\Windows\System32\Wat
2013-09-14 00:41:41 -------- d-----w- C:\ProgramData\Oracle
2013-09-14 00:41:26 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-14 00:41:26 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-14 00:41:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-14 00:40:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-14 00:40:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-14 00:39:55 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Adobe
2013-09-13 22:43:30 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-09-13 22:43:30 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-09-13 22:10:09 -------- d-----w- C:\Windows\System32\MRT
2013-09-13 21:59:08 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-09-13 21:59:08 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-09-13 21:59:08 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-13 21:48:57 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-13 21:40:03 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-13 21:36:17 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-09-13 21:36:17 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-09-13 21:36:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-09-13 21:36:16 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-09-13 21:36:16 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-09-13 21:36:16 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-09-13 21:36:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-09-13 21:33:46 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-09-13 21:33:46 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-09-13 21:33:46 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-09-13 21:33:46 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-09-13 21:33:46 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-09-13 21:30:36 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-09-13 21:29:52 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-09-13 21:26:51 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2013-09-13 21:26:51 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2013-09-13 21:26:51 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2013-09-13 21:26:05 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2013-09-13 21:26:05 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2013-09-13 21:26:05 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2013-09-13 21:26:05 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2013-09-13 21:26:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-09-13 21:26:00 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-09-13 21:26:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-09-13 21:23:06 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-09-13 21:23:06 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-09-13 21:15:49 77312 ----a-w- C:\Windows\System32\packager.dll
2013-09-13 21:15:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-09-13 21:15:48 67072 ----a-w- C:\Windows\splwow64.exe
2013-09-13 21:15:48 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-09-13 21:15:14 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-09-13 21:15:14 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-09-13 21:15:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-09-13 21:11:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 21:11:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 21:11:09 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 21:11:09 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 21:09:18 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2013-09-13 21:08:15 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-09-13 21:08:15 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-09-13 21:08:15 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-09-13 20:41:52 -------- d-----w- C:\ProgramData\Uninstall
2013-09-13 20:41:51 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2013-09-13 20:41:35 53488 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-09-13 20:41:34 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-09-13 20:41:34 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-09-13 20:41:23 -------- d-----w- C:\Users\M6400 Owner\AppData\Local\Programs
2013-09-13 20:41:22 -------- d-----w- C:\Program Files (x86)\Roxio
2013-09-13 20:41:09 -------- d-----w- C:\Users\M6400 Owner\AppData\Roaming\Roxio Log Files
2013-09-13 20:40:36 -------- d-----w- C:\DELL
2013-09-13 20:13:58 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-09-13 20:13:53 402024 ----a-w- C:\Windows\System32\nvShell.dll
2013-09-13 20:13:53 259176 ----a-w- C:\Windows\SysWow64\nViewSetup.exe
2013-09-13 20:13:53 1399400 ----a-w- C:\Windows\System32\nView64.dll
2013-09-13 20:13:53 -------- d-----w- C:\Windows\nview
2013-09-13 20:13:34 285288 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll
2013-09-13 20:13:32 930272 ----a-w- C:\Windows\System32\dpinst.exe
2013-09-13 20:13:32 255080 ----a-w- C:\Windows\System32\nvcod1919.dll
2013-09-13 20:13:01 -------- d-----w- C:\Program Files\Synaptics
2013-09-13 20:12:44 -------- d-----w- C:\Windows\Panther
2013-09-13 20:12:42 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-09-13 20:12:41 395048 ----a-w- C:\Windows\System32\SynCOM.dll
2013-09-13 20:12:41 281648 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2013-09-13 20:12:41 261416 ----a-w- C:\Windows\System32\SynCtrl.dll
2013-09-13 20:12:41 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2013-09-13 20:12:41 204072 ----a-w- C:\Windows\System32\SynTPAPI.dll
2013-09-13 20:12:41 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2013-09-13 20:12:41 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2013-09-13 20:12:41 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2013-09-13 20:11:59 -------- d-----w- C:\Windows\System32\OEM
2013-09-13 20:11:59 -------- d-----w- C:\Hotfix
2013-09-13 20:09:29 440208 ----a-w- C:\Windows\System32\brcmbsp.dll
2013-09-13 20:09:29 283016 ----a-w- C:\Windows\System32\bipbsp.dll
2013-09-13 20:09:23 -------- d-----w- C:\ProgramData\Broadcom
2013-09-13 20:09:23 -------- d-----w- C:\Program Files\Broadcom Corporation
2013-09-13 20:09:19 81904 ----a-w- C:\Windows\System32\pbadrvdll.dll
2013-09-13 20:09:19 80368 ----a-w- C:\Windows\SysWow64\pbadrvdll.dll
2013-09-13 20:09:19 32240 ----a-w- C:\Windows\System32\drivers\PBADRV.SYS
2013-09-13 20:09:02 405504 ----a-r- C:\Users\M6400 Owner\AppData\Roaming\Microsoft\Installer\{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}\ARPPRODUCTICON.exe
2013-09-13 20:08:58 -------- d-----w- C:\Windows\System32\BioAPIFFDB
2013-09-13 20:00:45 131072 ----a-w- C:\Windows\SysWow64\DellSPMsg.dll
2013-09-13 20:00:10 90112 ----a-w- C:\Windows\System32\snymsico.dll
2013-09-13 20:00:10 67584 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys
2013-09-13 20:00:10 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys
2013-09-13 20:00:10 55296 ----a-w- C:\Windows\System32\drivers\rimspx64.sys
2013-09-13 20:00:10 172032 ----a-w- C:\Windows\System32\rixdicon.dll
2013-09-13 19:59:00 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-09-13 19:58:30 -------- d-----w- C:\Intel
2013-09-13 19:55:02 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2013-09-13 19:55:02 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2013-09-13 19:55:02 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2013-09-13 19:55:02 1952256 ----a-w- C:\Windows\System32\stlang64.dll
2013-09-13 19:55:02 162816 ----a-w- C:\Windows\System32\AESTAC64.dll
2013-09-13 19:55:02 12829184 ----a-w- C:\Windows\System32\idtcpl64.cpl
2013-09-13 19:55:01 -------- d-----w- C:\Windows\System32\SRSLabs
2013-09-13 19:54:39 209920 ----a-w- C:\Windows\System32\st646227.dll
2013-09-13 19:54:38 -------- d-----w- C:\Program Files\IDT
2013-09-13 19:51:47 -------- d-----w- C:\Program Files (x86)\Dell
2013-09-13 19:51:23 -------- d-sh--w- C:\Windows\Installer
2013-09-13 19:05:26 75 --sh--r- C:\Windows\CT4CET.bin
2013-09-13 19:05:13 -------- d-----w- C:\Program Files (x86)\Common Files\Reallusion
2013-09-13 19:04:38 -------- d-----w- C:\Program Files (x86)\Creative
2013-09-13 19:04:16 172032 ----a-w- C:\Windows\System32\drivers\CtClsFlt.sys
2013-09-13 19:04:16 -------- d-----w- C:\Program Files (x86)\Dell Webcam
2013-09-13 19:04:13 -------- d-----w- C:\Program Files (x86)\Creative Live! Cam
2013-09-13 19:03:53 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-09-13 19:03:53 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-09-13 19:03:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-09-13 19:03:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-09-13 19:03:53 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-09-13 19:03:53 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-09-13 19:03:50 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-09-13 19:03:50 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-09-13 03:53:16 24287424 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-09-12 17:14:42 18612928 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-09-12 05:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-13 21:48:57 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-12 08:58:10 9281032 ----a-w- C:\Windows\System32\nvcuda.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-06 18:25:40 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-09-06 18:25:40 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-09-06 18:25:38 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-20 13:33:40 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-08-20 13:32:58 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-08-20 13:32:46 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 23:07:15.53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/13/2013 1:03:43 PM
System Uptime: 10/11/2013 9:57:46 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 076V94
Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | Microprocessor | 2772/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 27.604 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP70: 10/11/2013 2:29:59 PM - Removed Google Drive
RP71: 10/11/2013 2:31:08 PM - Removed Google Drive
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.05) Advanced Audio FX Engine Advanced Office Password Recovery Apple Application Support Apple Mobile Device Support Apple Software Update Article Spinner 3.0.2.0 BioAPI Framework Blender Bonjour ClipX Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dell ControlVault Host Components Installer 64Bit Dell Security Device Driver Pack Dell System Detect Dell Touchpad Dell Webcam Central DJ Java Decompiler v.3.12.12.96 DmC Devil may Cry version 5.1 Driver Reviver Dropbox EaseUS Partition Master 9.2.1 Professional Facebook Video Calling 1.2.0.287 FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.3.0402 GeForce Experience NvStream Client Components GlassFish Server Open Source Edition 4.0 Google AdWords Editor Google Chrome Google Update Helper GTA San Andreas Guifications Plugin (remove only) Hex Workshop v6.7 HP Photosmart 5510 series Basic Device Software IDT Audio iTunes Java 7 Update 40 Java 7 Update 40 (64-bit) Java Auto Updater Java SE Development Kit 7 Update 40 (64-bit) JDownloader 2 Live! 
Cam Avatar Creator Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Mouse and Keyboard Center Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 24.0 (x86 en-US) Mozilla Maintenance Service NetBeans IDE 7.3.1 NVIDIA 3D Vision Driver 327.23 NVIDIA Control Panel 327.23 NVIDIA GeForce Experience 1.6.1 NVIDIA Graphics Driver 327.23 NVIDIA Install Application NVIDIA nView 140.62 NVIDIA PhysX NVIDIA PhysX System Software 9.13.0725 NVIDIA Stereoscopic 3D Driver NVIDIA Update 8.3.14 NVIDIA Update Components NVIDIA Virtual Audio 1.2.5 Oracle VM VirtualBox 4.2.18 PeerBlock 1.1 (r518) Pidgin pidgin-otr 4.0.0-1 PowerISO qBittorrent 3.0.11 RICOH Media Driver ver.2.07.01.01 Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE 10.3 
Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Sandboxie 4.04 (64-bit) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition Security Update for Microsoft Outlook 2010 (KB2794707) 
64-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition SEO PowerSuite ShareX 8.2.0.655 SHIELD Streaming Skype™ 6.7 Sophos Virus Removal Tool Spotify Sublime Text 2.0.2 TeamViewer 8 TheBestSpinner3 TweetDeck Unlocker 1.9.2 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit 
Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition UPEK TouchChip Fingerprint Reader Windows 7 Logon Background Changer Windows 7 USB/DVD Download Tool Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) WinRAR 5.00 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 10/9/2013 7:49:34 AM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s). 10/7/2013 9:16:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3. 10/7/2013 8:07:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 10/5/2013 7:14:31 PM, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command. 10/5/2013 7:02:10 PM, Error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 10/5/2013 7:01:44 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The service has not been started. 10/5/2013 7:01:44 PM, Error: Service Control Manager [7001] - The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The service has not been started. 
10/5/2013 6:58:19 PM, Error: Service Control Manager [7024] - The Avira Mail Protection service terminated with service-specific error Incorrect function..
10/5/2013 6:28:42 PM, Error: Service Control Manager [7031] - The Avira FireWall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/5/2013 4:01:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/5/2013 3:41:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.159.1395.0).
10/5/2013 3:40:03 PM, Error: Service Control Manager [7024] - The Avira Web Protection service terminated with service-specific error Incorrect function..
10/5/2013 2:42:42 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/4/2013 5:55:35 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer UNKNOWN that believes that it is the master browser for the domain on transport NetBT_Tcpip_{87DA3285-F760-43F9-83D5-32193B72A3DB}. The master browser is stopping or an election is being forced.
10/11/2013 6:54:54 PM, Error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/11/2013 6:13:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.
10/11/2013 6:13:37 AM, Error: Service Control Manager [7000] - The TeamViewer 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2013 3:38:15 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The pipe has been ended.
10/11/2013 3:38:15 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
10/11/2013 3:38:15 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
10/11/2013 3:37:31 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
10/11/2013 2:40:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/11/2013 12:32:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WIRELESSROUTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{87DA3285-F760-43F9-83D5-32193B72A3DB}. The master browser is stopping or an election is being forced.
10/11/2013 12:23:12 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/11/2013 11:16:41 AM, Error: WudfUsbccidDriver [12] - The device generated 60949 unknown interrupt(s) in 2698 ms. Last Unknown Interrupt Message: 0x0.
10/11/2013 11:16:41 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
10/10/2013 3:39:11 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MYNETN750 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{87DA3285-F760-43F9-83D5-32193B72A3DB}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

I'm going to follow the other steps now.
  9. So I had downloaded something and ran it that I probably shouldn't have. I first noticed something was up because in my Startup folder there was a 3.vbs; the code inside was obfuscated (or however you spell that), and every time I would delete the file it would come back. So I opened up ProcMon and found out that DropBox.exe was creating the file, so I killed the process and deleted the 3.vbs, and it didn't come back. But NOW every time I start my computer I find this: C:\Users\%USERNAME%\AppData\Local\Temp\_MEI30602 - and this directory is filled with a bunch of Python files. If someone could help me that would be awesome. If not, I'm just going to reformat after work.