PC runs slow, redirect and link doesn't work


My computer is acting weird

1. It runs slow and Internet Explorer will freeze sometimes, like there are too many programs running, but there aren't.

2. The "download now" icon, when clicked, does not respond to anything, or it is supposed to run the application automatically but it didn't.

3. Internet Explorer sometimes redirects to other web pages.

4. I have run McAfee, Avast, Malwarebytes, Spybot - Search & Destroy, rootkitremover, Stinger, TDSSKiller, RKill, HitmanPro. HitmanPro shows 2 undeletable files: ad.yieldmanager.com and www.etracker.de

Please help.

Thank you.

Can you post any relevant logs from the tools you've run? Especially TDSSKiller and Malwarebytes.

Next,

Run the following and post the two produced logs:

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double-click DDS to run the scan; Vista or Windows 7 users should accept the UAC alert.

There will be an alert that two logs will be saved to the Desktop: DDS.txt and Attach.txt.

Copy and paste those two logs to your reply when the scan is complete.

Kevin..

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1

Run by Sebastian at 23:00:14 on 2013-01-04

.

============== Running Processes ================

.

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\PPStream\PPSAP.exe

C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe

C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe

C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe

uRun: [Google Update] "C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spotify] "C:\Users\Sebastian\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [spotify Web Helper] "C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize

dRunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: NameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{3CAC5A20-872D-458C-8D66-6C58F50B3872} : DHCPNameServer = 192.168.0.1 205.171.3.25

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck -

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -

x64-SSODL: WebCheck -

.

============= SERVICES / DRIVERS ===============

.

R? Altair UMT;Altair UMT

R? CaretakerAntispam;Caretaker Antispam Service

R? CLKMSVC10_9EC60124;CyberLink Product - 2012/02/24 18:40:35

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service

R? CT20XUT;CT20XUT

R? CTEXFIFX;CTEXFIFX

R? CTHWIUT;CTHWIUT

R? DellDigitalDelivery;Dell Digital Delivery Service

R? HipShieldK;McAfee Inc. HipShieldK

R? McAWFwk;McAfee Activation Service

R? McOobeSv;McAfee OOBE Service

R? McShield;McAfee McShield

R? mferkdet;McAfee Inc. mferkdet

R? mfetdi2k;McAfee Inc. mfetdi2k

R? PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver

R? RoxMediaDB12OEM;RoxMediaDB12OEM

R? RoxWatch12;Roxio Hard Drive Watcher 12

R? TsUsbFlt;TsUsbFlt

R? TsUsbGD;Remote Desktop Generic USB Device

R? USBAAPL64;Apple Mobile USB Driver

R? WatAdminSvc;Windows Activation Technologies Service

R? wlcrasvc;Windows Live Mesh remote connections service

S? AMD External Events Utility;AMD External Events Utility

S? aswFsBlk;aswFsBlk

S? aswMonFlt;aswMonFlt

S? aswSnx;aswSnx

S? aswSP;aswSP

S? AtiHDAudioService;ATI Function Driver for HD Audio Service

S? avast! Antivirus;avast! Antivirus

S? CaretakerProxy;Caretaker Proxy

S? CaretakerSvc;Caretaker Service

S? CaretakerUpdate;Caretaker Updater

S? cfwids;McAfee Inc. cfwids

S? CT20XUT.SYS;CT20XUT.SYS

S? CTEXFIFX.SYS;CTEXFIFX.SYS

S? CTHWIUT.SYS;CTHWIUT.SYS

S? ctredr15.sys;ctredr15.sys

S? ha20x22k;Creative 20X2 HAL Driver

S? IAStorDataMgrSvc;Intel® Rapid Storage Technology

S? k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0

S? MBAMProtector;MBAMProtector

S? MBAMScheduler;MBAMScheduler

S? MBAMService;MBAMService

S? McMPFSvc;McAfee Personal Firewall Service

S? McNaiAnn;McAfee VirusScan Announcer

S? McProxy;McAfee Proxy Service

S? mfeavfk;McAfee Inc. mfeavfk

S? mfefire;McAfee Firewall Core Service

S? mfefirek;McAfee Inc. mfefirek

S? mfehidk;McAfee Inc. mfehidk

S? mfevtp;McAfee Validation Trust Protection Service

S? mfewfpk;McAfee Inc. mfewfpk

S? NAUpdate;Nero Update

S? NOBU;Dell DataSafe Online

S? nusb3hub;NEC Electronics USB 3.0 Hub Driver

S? nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver

S? OSDSvc;ChiconyOSDService

S? PCTBD;PC Tools Browser Defender Driver

S? PCTCore;PCTools KDS

S? pctDS;PC Tools Data Store

S? pctEFA;PC Tools Extended File Attributes

S? pctgntdi;pctgntdi

S? PCTSD;PC Tools Spyware Doctor Driver

S? PxHlpa64;PxHlpa64

S? SBSDWSCService;SBSD Security Center Service

S? SftService;SoftThinks Agent Service

.

=============== Created Last 30 ================

.

2013-01-05 05:42:14 710504 ----a-w- C:\Windows\isRS-000.tmp

2013-01-05 05:41:53 -------- d-----w- C:\Users\Sebastian\AppData\Local\Programs

2013-01-04 08:48:39 -------- d-----w- C:\Users\Sebastian\AppData\Roaming\PC Cleaners

2013-01-04 08:48:32 4728200 ----a-w- C:\Windows\uninst.exe

2013-01-04 08:48:31 -------- d-----w- C:\Users\Sebastian\AppData\Roaming\PCPro

2013-01-04 08:48:31 -------- d-----w- C:\ProgramData\PC1Data

2013-01-04 07:36:19 -------- d-----w- C:\ProgramData\SurfRight

2013-01-04 07:36:19 -------- d-----w- C:\Program Files\SurfRight

2013-01-04 07:36:19 -------- d-----w- C:\Program Files (x86)\SurfRight

2013-01-04 07:27:54 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-04 07:23:14 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2013-01-04 07:23:14 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2013-01-04 07:22:16 -------- d-----w- C:\ProgramData\PC Tools

2013-01-04 07:22:15 -------- d-----w- C:\Users\Sebastian\AppData\Roaming\TestApp

2013-01-04 07:20:48 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-01-04 07:20:45 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-01-04 07:11:25 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2013-01-04 06:59:06 16200 ----a-w- C:\Windows\stinger.sys

2013-01-03 03:45:47 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-01-03 03:45:47 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-01-03 03:45:47 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-01-03 03:45:45 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-17 11:09:20 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-12-17 11:09:20 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-12-17 11:09:20 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-12-17 11:09:20 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-17 11:01:47 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-12-17 11:01:47 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-12-17 11:01:46 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-12-17 11:01:46 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-12-17 11:01:45 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-12-17 11:01:45 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-12-17 11:01:45 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-12-17 07:39:43 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-12-17 07:39:34 177680 ----a-w- C:\Windows\System32\mfevtps.exe

2012-12-17 07:39:32 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2012-12-17 07:39:32 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2012-12-17 07:39:32 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2012-12-17 07:39:32 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2012-12-17 07:39:32 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2012-12-17 07:39:32 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2012-12-17 07:39:32 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2012-12-17 04:59:09 -------- d-----w- C:\ProgramData\HitmanPro

2012-12-17 04:53:25 -------- d-----w- C:\Program Files (x86)\stinger

2012-12-17 04:42:57 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-12-17 04:18:10 -------- d-----w- C:\rootkitremover

2012-12-16 08:44:09 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-16 08:44:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-15 10:24:08 118600 ----a-w- C:\Windows\System32\drivers\mfetdi2k.sys

.

==================== Find3M ====================

.

2013-01-04 07:27:39 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-01-04 07:27:39 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-01-04 07:20:42 959976 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-12 04:53:50 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 04:53:50 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-12 04:53:43 15728568 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-23 10:18:31 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-10-23 10:18:30 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-10-23 10:17:48 41224 ----a-w- C:\Windows\avastSS.scr

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 23:00:22.70 ===============

21:40:02.0960 216468 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

21:40:04.0962 216468 ============================================================

21:40:04.0962 216468 Current date / time: 2013/01/04 21:40:04.0962

21:40:04.0962 216468 SystemInfo:

21:40:04.0962 216468

21:40:04.0962 216468 OS Version: 6.1.7601 ServicePack: 1.0

21:40:04.0962 216468 Product type: Workstation

21:40:04.0963 216468 ComputerName: SEBASTIAN-PC

21:40:04.0963 216468 UserName: Sebastian

21:40:04.0963 216468 Windows directory: C:\Windows

21:40:04.0963 216468 System windows directory: C:\Windows

21:40:04.0963 216468 Running under WOW64

21:40:04.0963 216468 Processor architecture: Intel x64

21:40:04.0963 216468 Number of processors: 8

21:40:04.0963 216468 Page size: 0x1000

21:40:04.0963 216468 Boot type: Normal boot

21:40:04.0963 216468 ============================================================

21:40:05.0455 216468 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:40:05.0476 216468 ============================================================

21:40:05.0476 216468 \Device\Harddisk0\DR0:

21:40:05.0476 216468 MBR partitions:

21:40:05.0476 216468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A80000

21:40:05.0476 216468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0x72C72000

21:40:05.0476 216468 ============================================================

21:40:05.0514 216468 C: \Device\Harddisk0\DR0\Partition2

21:40:05.0515 216468 ============================================================

21:40:05.0515 216468 Initialize success

21:40:05.0515 216468 ============================================================

21:40:08.0386 216788 ============================================================

21:40:08.0386 216788 Scan started

21:40:08.0386 216788 Mode: Manual;

21:40:08.0386 216788 ============================================================

21:40:09.0363 216788 ================ Scan system memory ========================

21:40:09.0363 216788 System memory - ok

21:40:09.0363 216788 ================ Scan services =============================


21:40:12.0646 216788 ctaud2k - ok

21:40:12.0693 216788 [ CACB67BC2E73894ECBCBC4EAD2F02456 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

21:40:12.0697 216788 CTAudSvcService - ok

21:40:12.0721 216788 [ DD86F833D8FAA19534940013664FCBA1 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS

21:40:12.0771 216788 CTEXFIFX - ok

21:40:12.0783 216788 [ DD86F833D8FAA19534940013664FCBA1 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS

21:40:12.0789 216788 CTEXFIFX.SYS - ok

21:40:12.0805 216788 [ D1E94EF3CDF0A52A91CB6B9E49317957 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS

21:40:12.0808 216788 CTHWIUT - ok

21:40:12.0810 216788 [ D1E94EF3CDF0A52A91CB6B9E49317957 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS

21:40:12.0811 216788 CTHWIUT.SYS - ok

21:40:12.0822 216788 [ 82922A0404074227D16497C2A9D1B2A6 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys

21:40:12.0824 216788 ctprxy2k - ok

21:40:12.0856 216788 [ 19D7AAADAD93B220C9AA60F8E153E1B9 ] ctredr15.sys C:\Windows\system32\drivers\ctredr15.sys

21:40:12.0859 216788 ctredr15.sys - ok

21:40:12.0876 216788 [ ABB9A555A4A694AB76F1E195AFDE3D6A ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys

21:40:12.0878 216788 ctsfm2k - ok

21:40:12.0902 216788 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

21:40:12.0908 216788 DcomLaunch - ok

21:40:12.0929 216788 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

21:40:12.0931 216788 defragsvc - ok

21:40:12.0984 216788 [ 18B5C959CBE24D4D4C2381EFB87611DE ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

21:40:12.0987 216788 DellDigitalDelivery - ok

21:40:12.0994 216788 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

21:40:12.0997 216788 DfsC - ok

21:40:13.0008 216788 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

21:40:13.0011 216788 Dhcp - ok

21:40:13.0035 216788 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

21:40:13.0036 216788 discache - ok

21:40:13.0063 216788 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

21:40:13.0066 216788 Disk - ok

21:40:13.0086 216788 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

21:40:13.0090 216788 Dnscache - ok

21:40:13.0109 216788 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

21:40:13.0115 216788 dot3svc - ok

21:40:13.0127 216788 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

21:40:13.0132 216788 DPS - ok

21:40:13.0165 216788 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

21:40:13.0168 216788 drmkaud - ok

21:40:13.0194 216788 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

21:40:13.0206 216788 DXGKrnl - ok

21:40:13.0218 216788 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

21:40:13.0221 216788 EapHost - ok

21:40:13.0280 216788 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

21:40:13.0335 216788 ebdrv - ok

21:40:13.0357 216788 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

21:40:13.0361 216788 EFS - ok

21:40:13.0410 216788 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

21:40:13.0417 216788 ehRecvr - ok

21:40:13.0432 216788 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

21:40:13.0436 216788 ehSched - ok

21:40:13.0460 216788 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

21:40:13.0467 216788 elxstor - ok

21:40:13.0493 216788 [ C4AFA345A83E169C7DDD1E710E55D66B ] emupia C:\Windows\system32\drivers\emupia2k.sys

21:40:13.0497 216788 emupia - ok

21:40:13.0507 216788 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

21:40:13.0509 216788 ErrDev - ok

21:40:13.0534 216788 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

21:40:13.0540 216788 EventSystem - ok

21:40:13.0561 216788 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

21:40:13.0565 216788 exfat - ok

21:40:13.0582 216788 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:40:13.0586 216788 fastfat - ok

21:40:13.0614 216788 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

21:40:13.0624 216788 Fax - ok

21:40:13.0636 216788 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

21:40:13.0639 216788 fdc - ok

21:40:13.0650 216788 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

21:40:13.0652 216788 fdPHost - ok

21:40:13.0659 216788 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

21:40:13.0661 216788 FDResPub - ok

21:40:13.0670 216788 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

21:40:13.0673 216788 FileInfo - ok

21:40:13.0682 216788 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

21:40:13.0685 216788 Filetrace - ok

21:40:13.0696 216788 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

21:40:13.0699 216788 flpydisk - ok

21:40:13.0714 216788 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

21:40:13.0718 216788 FltMgr - ok

21:40:13.0757 216788 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

21:40:13.0784 216788 FontCache - ok

21:40:13.0833 216788 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:40:13.0836 216788 FontCache3.0.0.0 - ok

21:40:13.0853 216788 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

21:40:13.0856 216788 FsDepends - ok

21:40:13.0891 216788 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

21:40:13.0894 216788 Fs_Rec - ok

21:40:13.0908 216788 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

21:40:13.0910 216788 fvevol - ok

21:40:13.0919 216788 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

21:40:13.0921 216788 gagp30kx - ok

21:40:13.0961 216788 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:40:13.0962 216788 GEARAspiWDM - ok

21:40:13.0989 216788 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

21:40:13.0995 216788 gpsvc - ok

21:40:14.0021 216788 [ 42E7E30324C4CF322EC34D94A8906FA0 ] ha20x22k C:\Windows\system32\drivers\ha20x22k.sys

21:40:14.0052 216788 ha20x22k - ok

21:40:14.0105 216788 [ D6050F3F040C9DEF7F8B6C82CFD09D08 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys

21:40:14.0139 216788 ha20x2k - ok

21:40:14.0178 216788 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

21:40:14.0181 216788 hcw85cir - ok

21:40:14.0216 216788 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:40:14.0221 216788 HdAudAddService - ok

21:40:14.0248 216788 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

21:40:14.0252 216788 HDAudBus - ok

21:40:14.0261 216788 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

21:40:14.0264 216788 HidBatt - ok

21:40:14.0268 216788 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

21:40:14.0270 216788 HidBth - ok

21:40:14.0283 216788 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

21:40:14.0285 216788 HidIr - ok

21:40:14.0298 216788 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

21:40:14.0302 216788 hidserv - ok

21:40:14.0324 216788 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

21:40:14.0327 216788 HidUsb - ok

21:40:14.0364 216788 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

21:40:14.0368 216788 HipShieldK - ok

21:40:14.0387 216788 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

21:40:14.0389 216788 hkmsvc - ok

21:40:14.0398 216788 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:40:14.0402 216788 HomeGroupListener - ok

21:40:14.0420 216788 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:40:14.0423 216788 HomeGroupProvider - ok

21:40:14.0435 216788 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

21:40:14.0438 216788 HpSAMD - ok

21:40:14.0460 216788 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

21:40:14.0466 216788 HTTP - ok

21:40:14.0473 216788 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

21:40:14.0473 216788 hwpolicy - ok

21:40:14.0483 216788 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

21:40:14.0486 216788 i8042prt - ok

21:40:14.0514 216788 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\drivers\iaStor.sys

21:40:14.0519 216788 iaStor - ok

21:40:14.0585 216788 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

21:40:14.0589 216788 IAStorDataMgrSvc - ok

21:40:14.0612 216788 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

21:40:14.0619 216788 iaStorV - ok

21:40:14.0670 216788 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:40:14.0681 216788 idsvc - ok

21:40:14.0693 216788 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

21:40:14.0696 216788 iirsp - ok

21:40:14.0730 216788 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

21:40:14.0741 216788 IKEEXT - ok

21:40:14.0764 216788 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

21:40:14.0767 216788 intelide - ok

21:40:14.0780 216788 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

21:40:14.0783 216788 intelppm - ok

21:40:14.0792 216788 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

21:40:14.0797 216788 IPBusEnum - ok

21:40:14.0809 216788 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:40:14.0811 216788 IpFilterDriver - ok

21:40:14.0871 216788 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

21:40:14.0880 216788 iphlpsvc - ok

21:40:14.0885 216788 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

21:40:14.0887 216788 IPMIDRV - ok

21:40:14.0913 216788 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

21:40:14.0914 216788 IPNAT - ok

21:40:14.0953 216788 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

21:40:14.0957 216788 iPod Service - ok

21:40:14.0971 216788 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

21:40:14.0972 216788 IRENUM - ok

21:40:14.0981 216788 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

21:40:14.0983 216788 isapnp - ok

21:40:15.0004 216788 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

21:40:15.0008 216788 iScsiPrt - ok

21:40:15.0040 216788 [ 12E27942DBB7C91880163634B0D8A776 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

21:40:15.0043 216788 k57nd60a - ok

21:40:15.0051 216788 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

21:40:15.0055 216788 kbdclass - ok

21:40:15.0079 216788 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

21:40:15.0081 216788 kbdhid - ok

21:40:15.0089 216788 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

21:40:15.0092 216788 KeyIso - ok

21:40:15.0124 216788 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

21:40:15.0127 216788 KSecDD - ok

21:40:15.0139 216788 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

21:40:15.0142 216788 KSecPkg - ok

21:40:15.0153 216788 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

21:40:15.0154 216788 ksthunk - ok

21:40:15.0186 216788 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

21:40:15.0195 216788 KtmRm - ok

21:40:15.0221 216788 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

21:40:15.0228 216788 LanmanServer - ok

21:40:15.0250 216788 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:40:15.0257 216788 LanmanWorkstation - ok

21:40:15.0277 216788 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

21:40:15.0279 216788 lltdio - ok

21:40:15.0303 216788 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

21:40:15.0309 216788 lltdsvc - ok

21:40:15.0326 216788 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

21:40:15.0330 216788 lmhosts - ok

21:40:15.0355 216788 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

21:40:15.0359 216788 LSI_FC - ok

21:40:15.0374 216788 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

21:40:15.0378 216788 LSI_SAS - ok

21:40:15.0388 216788 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

21:40:15.0391 216788 LSI_SAS2 - ok

21:40:15.0407 216788 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

21:40:15.0411 216788 LSI_SCSI - ok

21:40:15.0416 216788 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

21:40:15.0419 216788 luafv - ok

21:40:15.0456 216788 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

21:40:15.0458 216788 MBAMProtector - ok

21:40:15.0490 216788 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

21:40:15.0495 216788 MBAMScheduler - ok

21:40:15.0544 216788 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

21:40:15.0551 216788 MBAMService - ok

21:40:15.0593 216788 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe

21:40:15.0597 216788 McAWFwk - ok

21:40:15.0656 216788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

21:40:15.0659 216788 McMPFSvc - ok

21:40:15.0665 216788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

21:40:15.0668 216788 mcmscsvc - ok

21:40:15.0675 216788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

21:40:15.0678 216788 McNaiAnn - ok

21:40:15.0694 216788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

21:40:15.0696 216788 McNASvc - ok

21:40:15.0733 216788 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe

21:40:15.0738 216788 McODS - ok

21:40:15.0744 216788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

21:40:15.0747 216788 McOobeSv - ok

21:40:15.0752 216788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

21:40:15.0755 216788 McProxy - ok

21:40:15.0836 216788 [ 9BBCECBE3FE5AF5958A770DC512D0473 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

21:40:15.0838 216788 McShield - ok

21:40:15.0865 216788 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

21:40:15.0869 216788 Mcx2Svc - ok

21:40:15.0882 216788 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

21:40:15.0884 216788 megasas - ok

21:40:15.0904 216788 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

21:40:15.0907 216788 MegaSR - ok

21:40:15.0931 216788 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

21:40:15.0934 216788 MEIx64 - ok

21:40:15.0953 216788 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

21:40:15.0955 216788 mfeapfk - ok

21:40:15.0984 216788 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

21:40:15.0988 216788 mfeavfk - ok

21:40:16.0001 216788 mfeavfk01 - ok

21:40:16.0016 216788 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

21:40:16.0018 216788 mfefire - ok

21:40:16.0031 216788 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

21:40:16.0036 216788 mfefirek - ok

21:40:16.0056 216788 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

21:40:16.0063 216788 mfehidk - ok

21:40:16.0083 216788 [ B5B96149BE124092F577DE54EC7D4D65 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

21:40:16.0087 216788 mferkdet - ok

21:40:16.0120 216788 [ 8EC6B123D98645A587D1C5DC133BD042 ] mfetdi2k C:\Windows\system32\drivers\mfetdi2k.sys

21:40:16.0124 216788 mfetdi2k - ok

21:40:16.0141 216788 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\Windows\system32\mfevtps.exe

21:40:16.0146 216788 mfevtp - ok

21:40:16.0159 216788 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

21:40:16.0164 216788 mfewfpk - ok

21:40:16.0189 216788 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

21:40:16.0195 216788 MMCSS - ok

21:40:16.0208 216788 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

21:40:16.0210 216788 Modem - ok

21:40:16.0220 216788 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

21:40:16.0223 216788 monitor - ok

21:40:16.0244 216788 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

21:40:16.0247 216788 mouclass - ok

21:40:16.0260 216788 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

21:40:16.0263 216788 mouhid - ok

21:40:16.0277 216788 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

21:40:16.0279 216788 mountmgr - ok

21:40:16.0294 216788 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

21:40:16.0298 216788 mpio - ok

21:40:16.0313 216788 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

21:40:16.0316 216788 mpsdrv - ok

21:40:16.0343 216788 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

21:40:16.0354 216788 MpsSvc - ok

21:40:16.0379 216788 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

21:40:16.0380 216788 MRxDAV - ok

21:40:16.0404 216788 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

21:40:16.0407 216788 mrxsmb - ok

21:40:16.0424 216788 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:40:16.0429 216788 mrxsmb10 - ok

21:40:16.0438 216788 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:40:16.0441 216788 mrxsmb20 - ok

21:40:16.0474 216788 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

21:40:16.0477 216788 msahci - ok

21:40:16.0494 216788 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

21:40:16.0498 216788 msdsm - ok

21:40:16.0515 216788 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

21:40:16.0520 216788 MSDTC - ok

21:40:16.0540 216788 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

21:40:16.0542 216788 Msfs - ok

21:40:16.0566 216788 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

21:40:16.0568 216788 mshidkmdf - ok

21:40:16.0591 216788 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

21:40:16.0592 216788 msisadrv - ok

21:40:16.0608 216788 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

21:40:16.0610 216788 MSiSCSI - ok

21:40:16.0613 216788 msiserver - ok

21:40:16.0629 216788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

21:40:16.0631 216788 MSK80Service - ok

21:40:16.0653 216788 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

21:40:16.0654 216788 MSKSSRV - ok

21:40:16.0656 216788 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

21:40:16.0657 216788 MSPCLOCK - ok

21:40:16.0660 216788 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

21:40:16.0660 216788 MSPQM - ok

21:40:16.0680 216788 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

21:40:16.0686 216788 MsRPC - ok

21:40:16.0702 216788 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

21:40:16.0704 216788 mssmbios - ok

21:40:16.0708 216788 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

21:40:16.0710 216788 MSTEE - ok

21:40:16.0714 216788 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

21:40:16.0716 216788 MTConfig - ok

21:40:16.0734 216788 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

21:40:16.0735 216788 Mup - ok

21:40:16.0750 216788 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

21:40:16.0755 216788 napagent - ok

21:40:16.0784 216788 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

21:40:16.0787 216788 NativeWifiP - ok

21:40:16.0861 216788 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

21:40:16.0867 216788 NAUpdate - ok

21:40:16.0910 216788 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

21:40:16.0917 216788 NDIS - ok

21:40:16.0925 216788 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

21:40:16.0926 216788 NdisCap - ok

21:40:16.0941 216788 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

21:40:16.0942 216788 NdisTapi - ok

21:40:16.0947 216788 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

21:40:16.0949 216788 Ndisuio - ok

21:40:16.0962 216788 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

21:40:16.0964 216788 NdisWan - ok

21:40:16.0970 216788 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

21:40:16.0971 216788 NDProxy - ok

21:40:16.0980 216788 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

21:40:16.0981 216788 NetBIOS - ok

21:40:16.0991 216788 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

21:40:16.0993 216788 NetBT - ok

21:40:17.0004 216788 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

21:40:17.0005 216788 Netlogon - ok

21:40:17.0025 216788 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

21:40:17.0029 216788 Netman - ok

21:40:17.0049 216788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:40:17.0052 216788 NetMsmqActivator - ok

21:40:17.0055 216788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:40:17.0056 216788 NetPipeActivator - ok

21:40:17.0071 216788 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

21:40:17.0076 216788 netprofm - ok

21:40:17.0079 216788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:40:17.0081 216788 NetTcpActivator - ok

21:40:17.0083 216788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:40:17.0084 216788 NetTcpPortSharing - ok

21:40:17.0099 216788 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

21:40:17.0102 216788 nfrd960 - ok

21:40:17.0149 216788 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

21:40:17.0153 216788 NlaSvc - ok

21:40:17.0266 216788 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

21:40:17.0278 216788 NOBU - ok

21:40:17.0303 216788 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

21:40:17.0305 216788 Npfs - ok

21:40:17.0315 216788 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

21:40:17.0320 216788 nsi - ok

21:40:17.0332 216788 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:40:17.0334 216788 nsiproxy - ok

21:40:17.0400 216788 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:40:17.0434 216788 Ntfs - ok

21:40:17.0449 216788 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

21:40:17.0450 216788 Null - ok

21:40:17.0486 216788 [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

21:40:17.0490 216788 nusb3hub - ok

21:40:17.0516 216788 [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

21:40:17.0520 216788 nusb3xhc - ok

21:40:17.0544 216788 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

21:40:17.0547 216788 nvraid - ok

21:40:17.0561 216788 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

21:40:17.0565 216788 nvstor - ok

21:40:17.0591 216788 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

21:40:17.0595 216788 nv_agp - ok

21:40:17.0610 216788 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

21:40:17.0613 216788 ohci1394 - ok

21:40:17.0652 216788 [ FBE1D971EB64ABF4CE37B519307C94F1 ] OSDSvc C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe

21:40:17.0654 216788 OSDSvc - ok

21:40:17.0680 216788 [ EF80A5D03F3817227B97E220DF37C2E9 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys

21:40:17.0683 216788 ossrv - ok

21:40:17.0699 216788 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

21:40:17.0707 216788 p2pimsvc - ok

21:40:17.0719 216788 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

21:40:17.0724 216788 p2psvc - ok

21:40:17.0738 216788 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

21:40:17.0740 216788 Parport - ok

21:40:17.0756 216788 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

21:40:17.0757 216788 partmgr - ok

21:40:17.0765 216788 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

21:40:17.0768 216788 PcaSvc - ok

21:40:23.0481 216788 ================ Scan global ===============================

21:40:23.0494 216788 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

21:40:23.0527 216788 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll

21:40:23.0539 216788 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll

21:40:23.0565 216788 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

21:40:23.0589 216788 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

21:40:23.0596 216788 [Global] - ok

21:40:23.0597 216788 ================ Scan MBR ==================================

21:40:23.0613 216788 [ D7AD5AA31A559120C3BA48FD0A1B1636 ] \Device\Harddisk0\DR0

21:40:23.0768 216788 \Device\Harddisk0\DR0 - ok

21:40:23.0768 216788 ================ Scan VBR ==================================

21:40:23.0771 216788 [ 138D4A6261B6BD238D528BF3F04FA0E1 ] \Device\Harddisk0\DR0\Partition1

21:40:23.0774 216788 \Device\Harddisk0\DR0\Partition1 - ok

21:40:23.0795 216788 [ 0C2DCE233A25D747B9BB061A7E094DD4 ] \Device\Harddisk0\DR0\Partition2

21:40:23.0797 216788 \Device\Harddisk0\DR0\Partition2 - ok

21:40:23.0797 216788 ============================================================

21:40:23.0797 216788 Scan finished

21:40:23.0797 216788 ============================================================

21:40:23.0803 216780 Detected object count: 0

21:40:23.0803 216780 Actual detected object count: 0


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:10:03 PM, on 1/3/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Safe mode

Running processes:

C:\rootkitremover\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O1 - Hosts: 66.232.114.203 www.google-analytics.com.

O1 - Hosts: 66.232.114.203 ad-emea.doubleclick.net.

O1 - Hosts: 66.232.114.203 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630014225.dll (file missing)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [updater] C:\Windows\Adobe\Updater.exe

O4 - HKCU\..\Run: [spotify] "C:\Users\Sebastian\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [CTAutoUpdate] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller (User 'Default user')

O4 - Startup: Dropbox.lnk = Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: PPS.lnk = C:\Program Files (x86)\PPStream\PPStream.exe

O4 - Global Startup: HyperWorkswin64Desktop Quick Launch.lnk = C:\Altairwin64\hw10.0\hw\bin\win64\hw.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll

O23 - Service: McAfee Application Installer Cleanup (0283801357186074) (0283801357186074mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\028380~1.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Altair UMT - Unknown owner - C:\Altair\licensing10.0\security\bin\win64\umt_dist\umt_service.exe

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberLink Product - 2012/02/24 18:40:35 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

O23 - Service: ChiconyOSDService (OSDSvc) - Chicony - C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14980 bytes


There is a rogue program running on your system:

mRun: [PC Cleaners] "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize

Also possible other hidden extras. OK, we continue with Combofix:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


ComboFix 13-01-05.01 - Sebastian 01/05/2013 10:08:15.2.8 - x64

Running from: c:\users\Sebastian\Desktop\ComboFix.exe

* Resident AV is active

.

.

.

((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))

.

.

2013-01-05 18:11 . 2013-01-05 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-05 05:41 . 2013-01-05 05:41 -------- d-----w- c:\users\Sebastian\AppData\Local\Programs

2013-01-04 08:48 . 2013-01-04 08:48 -------- d-----w- c:\users\Sebastian\AppData\Roaming\PC Cleaners

2013-01-04 08:48 . 2013-01-04 08:53 4728200 ----a-w- c:\windows\uninst.exe

2013-01-04 08:48 . 2013-01-04 08:53 -------- d-----w- c:\users\Sebastian\AppData\Roaming\PCPro

2013-01-04 08:48 . 2013-01-04 08:48 -------- d-----w- c:\programdata\PC1Data

2013-01-04 07:36 . 2013-01-04 07:36 -------- d-----w- c:\programdata\SurfRight

2013-01-04 07:36 . 2013-01-04 07:36 -------- d-----w- c:\program files\SurfRight

2013-01-04 07:36 . 2013-01-04 07:36 -------- d-----w- c:\program files (x86)\SurfRight

2013-01-04 07:28 . 2013-01-04 07:28 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-01-04 07:27 . 2013-01-04 07:27 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-04 07:23 . 2013-01-05 07:30 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2013-01-04 07:23 . 2012-11-01 23:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2013-01-04 07:22 . 2013-01-05 06:48 -------- d-----w- c:\programdata\PC Tools

2013-01-04 07:22 . 2013-01-04 07:22 -------- d-----w- c:\users\Sebastian\AppData\Roaming\TestApp

2013-01-04 07:20 . 2013-01-04 07:20 308200 ----a-w- c:\windows\system32\javaws.exe

2013-01-04 07:20 . 2013-01-04 07:20 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-01-04 07:20 . 2013-01-04 07:20 188392 ----a-w- c:\windows\system32\javaw.exe

2013-01-04 07:20 . 2013-01-04 07:20 188392 ----a-w- c:\windows\system32\java.exe

2013-01-04 07:20 . 2013-01-04 07:20 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-01-04 07:11 . 2013-01-04 07:11 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-01-04 06:59 . 2013-01-04 06:59 16200 ----a-w- c:\windows\stinger.sys

2013-01-03 03:45 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-01-03 03:45 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-01-03 03:45 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-01-03 03:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-17 11:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-17 11:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-17 11:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-17 11:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-17 11:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-17 11:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-17 11:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-17 11:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-17 11:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-17 11:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-17 11:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-17 07:39 . 2012-11-09 14:36 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-12-17 07:39 . 2012-11-09 14:37 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-12-17 07:39 . 2012-11-09 14:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-12-17 07:39 . 2012-11-09 14:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-12-17 07:39 . 2012-11-09 14:36 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-12-17 07:39 . 2012-11-09 14:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-12-17 07:39 . 2012-11-09 14:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-12-17 07:39 . 2012-11-09 14:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-12-17 07:39 . 2012-11-09 14:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-12-17 04:59 . 2013-01-04 07:11 -------- d-----w- c:\programdata\HitmanPro

2012-12-17 04:53 . 2013-01-04 07:06 -------- d-----w- c:\program files (x86)\stinger

2012-12-17 04:42 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-12-17 04:18 . 2013-01-05 07:00 -------- d-----w- C:\rootkitremover

2012-12-16 08:44 . 2013-01-05 05:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-16 08:44 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-15 10:24 . 2012-11-09 14:37 118600 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-04 07:27 . 2012-07-24 05:29 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-01-04 07:27 . 2012-02-25 00:30 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-04 07:20 . 2012-02-25 00:31 959976 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-17 11:27 . 2012-05-23 18:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-12-17 11:27 . 2012-05-23 18:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-12-12 04:53 . 2012-06-07 04:21 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 04:53 . 2012-02-25 00:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 04:53 . 2012-08-16 03:06 15728568 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-11-28 23:58 . 2012-06-07 04:11 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-10-23 10:18 . 2012-09-24 04:37 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-23 10:18 . 2012-09-24 04:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-23 10:18 . 2012-09-24 04:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-23 10:18 . 2012-09-24 04:37 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-23 10:18 . 2012-09-24 04:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-23 10:17 . 2012-09-24 04:36 41224 ----a-w- c:\windows\avastSS.scr

2012-10-23 10:17 . 2012-09-24 04:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-23 10:17 . 2012-09-24 04:36 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-16 08:38 . 2012-12-17 04:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-17 04:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-17 04:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 16:59 . 2012-09-24 04:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPS Accelerator"="c:\program files (x86)\PPStream\PPSAP.exe" [2010-02-24 214408]

"Spotify"="c:\users\Sebastian\AppData\Roaming\Spotify\Spotify.exe" [2012-11-26 7880664]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]

"Spotify Web Helper"="c:\users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-26 1199576]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"eMuleAutoStart"="c:\program files (x86)\eMule\emule.exe" [2010-04-07 5758976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-03-05 24064]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]

"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-07 66872]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CTAutoUpdate"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-06-19 623416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

@="Driver"

.

R2 Altair UMT;Altair UMT;c:\altair\licensing10.0\security\bin\win64\umt_dist\umt_service.exe [2009-03-31 1118208]

R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/24 18:40;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-11 248304]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 CaretakerAntispam;Caretaker Antispam Service;c:\program files\SurfRight\Caretaker\AntispamService.exe [2012-01-23 575816]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-25 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-03-05 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-03-05 1445976]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-03-05 95320]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-03-18 25072]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-06 1255736]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-11-09 118600]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [2008-04-11 22016]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]

S2 CaretakerProxy;Caretaker Proxy;c:\program files\SurfRight\Caretaker\CaretakerProxy.exe [2011-12-23 1416520]

S2 CaretakerSvc;Caretaker Service;c:\program files\SurfRight\Caretaker\CaretakerService.exe [2011-12-23 1490760]

S2 CaretakerUpdate;Caretaker Updater;c:\program files\SurfRight\Caretaker\CaretakerUpdater.exe [2011-12-23 222536]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-03-05 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-03-05 1445976]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-03-05 95320]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-03-05 1623128]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 04:53]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000Core.job

- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 06:41]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000UA.job

- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 06:41]

.

2013-01-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]

.

2013-01-05 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-23 10:17 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

"CaretakerNotifier"="c:\program files\SurfRight\Caretaker\Notifier.exe" [2011-12-23 779264]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run- - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-05 10:12:24

ComboFix-quarantined-files.txt 2013-01-05 18:12

ComboFix2.txt 2013-01-05 18:04

.

Pre-Run: 788,056,301,568 bytes free

Post-Run: 787,985,948,672 bytes free

.

- - End Of File - - 4D5E42292F7632D37368E0D5C5315191


ComboFix 13-01-05.01 - Sebastian 01/05/2013 9:58.1.8 - x64

Running from: c:\users\Sebastian\Desktop\ComboFix.exe

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sebastian\AppData\Roaming\A75D5A.dat

.

.

((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))

.

.

2013-01-05 18:03 . 2013-01-05 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-05 05:41 . 2013-01-05 05:41 -------- d-----w- c:\users\Sebastian\AppData\Local\Programs

2013-01-04 08:48 . 2013-01-04 08:48 -------- d-----w- c:\users\Sebastian\AppData\Roaming\PC Cleaners

2013-01-04 08:48 . 2013-01-04 08:53 4728200 ----a-w- c:\windows\uninst.exe

2013-01-04 08:48 . 2013-01-04 08:53 -------- d-----w- c:\users\Sebastian\AppData\Roaming\PCPro

2013-01-04 08:48 . 2013-01-04 08:48 -------- d-----w- c:\programdata\PC1Data

2013-01-04 07:36 . 2013-01-04 07:36 -------- d-----w- c:\programdata\SurfRight

2013-01-04 07:36 . 2013-01-04 07:36 -------- d-----w- c:\program files\SurfRight

2013-01-04 07:36 . 2013-01-04 07:36 -------- d-----w- c:\program files (x86)\SurfRight

2013-01-04 07:28 . 2013-01-04 07:28 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-01-04 07:27 . 2013-01-04 07:27 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-01-04 07:23 . 2013-01-05 07:30 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2013-01-04 07:23 . 2012-11-01 23:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2013-01-04 07:22 . 2013-01-05 06:48 -------- d-----w- c:\programdata\PC Tools

2013-01-04 07:22 . 2013-01-04 07:22 -------- d-----w- c:\users\Sebastian\AppData\Roaming\TestApp

2013-01-04 07:20 . 2013-01-04 07:20 308200 ----a-w- c:\windows\system32\javaws.exe

2013-01-04 07:20 . 2013-01-04 07:20 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-01-04 07:20 . 2013-01-04 07:20 188392 ----a-w- c:\windows\system32\javaw.exe

2013-01-04 07:20 . 2013-01-04 07:20 188392 ----a-w- c:\windows\system32\java.exe

2013-01-04 07:20 . 2013-01-04 07:20 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-01-04 07:11 . 2013-01-04 07:11 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-01-04 06:59 . 2013-01-04 06:59 16200 ----a-w- c:\windows\stinger.sys

2013-01-03 03:45 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-01-03 03:45 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-01-03 03:45 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-01-03 03:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-17 11:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-17 11:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-17 11:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-17 11:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-17 11:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-17 11:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-17 11:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-17 11:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-17 11:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-17 11:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-17 11:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-17 07:39 . 2012-11-09 14:36 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-12-17 07:39 . 2012-11-09 14:37 177680 ----a-w- c:\windows\system32\mfevtps.exe

2012-12-17 07:39 . 2012-11-09 14:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-12-17 07:39 . 2012-11-09 14:37 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-12-17 07:39 . 2012-11-09 14:36 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-12-17 07:39 . 2012-11-09 14:35 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-12-17 07:39 . 2012-11-09 14:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-12-17 07:39 . 2012-11-09 14:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-12-17 07:39 . 2012-11-09 14:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-12-17 04:59 . 2013-01-04 07:11 -------- d-----w- c:\programdata\HitmanPro

2012-12-17 04:53 . 2013-01-04 07:06 -------- d-----w- c:\program files (x86)\stinger

2012-12-17 04:42 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-12-17 04:18 . 2013-01-05 07:00 -------- d-----w- C:\rootkitremover

2012-12-16 08:44 . 2013-01-05 05:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-16 08:44 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-15 10:24 . 2012-11-09 14:37 118600 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-04 07:27 . 2012-07-24 05:29 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-01-04 07:27 . 2012-02-25 00:30 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-04 07:20 . 2012-02-25 00:31 959976 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-17 11:27 . 2012-05-23 18:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-12-17 11:27 . 2012-05-23 18:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-12-12 04:53 . 2012-06-07 04:21 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 04:53 . 2012-02-25 00:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 04:53 . 2012-08-16 03:06 15728568 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-11-28 23:58 . 2012-06-07 04:11 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-10-23 10:18 . 2012-09-24 04:37 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-23 10:18 . 2012-09-24 04:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-23 10:18 . 2012-09-24 04:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-23 10:18 . 2012-09-24 04:37 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-23 10:18 . 2012-09-24 04:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-23 10:17 . 2012-09-24 04:36 41224 ----a-w- c:\windows\avastSS.scr

2012-10-23 10:17 . 2012-09-24 04:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-23 10:17 . 2012-09-24 04:36 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-16 08:38 . 2012-12-17 04:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-17 04:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-17 04:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 16:59 . 2012-09-24 04:36 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPS Accelerator"="c:\program files (x86)\PPStream\PPSAP.exe" [2010-02-24 214408]

"Spotify"="c:\users\Sebastian\AppData\Roaming\Spotify\Spotify.exe" [2012-11-26 7880664]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]

"Spotify Web Helper"="c:\users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-26 1199576]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]

"eMuleAutoStart"="c:\program files (x86)\eMule\emule.exe" [2010-04-07 5758976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-03-05 24064]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]

"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-07 66872]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CTAutoUpdate"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-06-19 623416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

@="Driver"

.

R2 Altair UMT;Altair UMT;c:\altair\licensing10.0\security\bin\win64\umt_dist\umt_service.exe [2009-03-31 1118208]

R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/24 18:40;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-11 248304]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 CaretakerAntispam;Caretaker Antispam Service;c:\program files\SurfRight\Caretaker\AntispamService.exe [2012-01-23 575816]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-25 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-03-05 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-03-05 1445976]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-03-05 95320]

R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-03-18 25072]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-06 1255736]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

R4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-11-09 118600]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [2008-04-11 22016]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]

S2 CaretakerProxy;Caretaker Proxy;c:\program files\SurfRight\Caretaker\CaretakerProxy.exe [2011-12-23 1416520]

S2 CaretakerSvc;Caretaker Service;c:\program files\SurfRight\Caretaker\CaretakerService.exe [2011-12-23 1490760]

S2 CaretakerUpdate;Caretaker Updater;c:\program files\SurfRight\Caretaker\CaretakerUpdater.exe [2011-12-23 222536]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-03-05 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-03-05 1445976]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-03-05 95320]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-03-05 1623128]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 04:53]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000Core.job

- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 06:41]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000UA.job

- c:\users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 06:41]

.

2013-01-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]

.

2013-01-05 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-23 10:17 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

"CaretakerNotifier"="c:\program files\SurfRight\Caretaker\Notifier.exe" [2011-12-23 779264]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run- - (no file)

Wow6432Node-HKLM-Run-PC Cleaners - c:\program files (x86)\PC Cleaners\PCCleaners.exe

SafeBoot-dmadmin

SafeBoot-dmserver

SafeBoot-SRService

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-05 10:04:58

ComboFix-quarantined-files.txt 2013-01-05 18:04

.

Pre-Run: 787,281,686,528 bytes free

Post-Run: 787,993,186,304 bytes free

.

- - End Of File - - 106A059BCC512ECAF28551E7BFD666E9


2013-01-05 18:04:23 . 2013-01-05 18:04:23 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2013-01-05 18:04:18 . 2013-01-05 18:04:18 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-SRService.reg.dat

2013-01-05 18:04:18 . 2013-01-05 18:04:18 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmserver.reg.dat

2013-01-05 18:04:18 . 2013-01-05 18:04:18 542 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmadmin.reg.dat

2013-01-05 18:04:14 . 2013-01-05 18:04:14 176 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-PC Cleaners.reg.dat

2013-01-05 18:04:12 . 2013-01-05 18:11:35 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

2013-01-05 18:01:11 . 2013-01-05 18:10:09 6,140 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-01-05 17:57:29 . 2013-01-05 18:07:40 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-09-05 17:32:00 . 2012-09-10 05:19:07 48 ----a-w- C:\Qoobox\Quarantine\C\Users\Sebastian\AppData\Roaming\A75D5A.dat.vir


Run the following:

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Also give me an update on how your system is currently responding and if any specific issues/concerns remain...

Kevin


OTL logfile created on: 1/6/2013 11:04:21 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\rootkitremover

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 15.00 Gb Available Physical Memory | 93.86% Memory free

31.96 Gb Paging File | 31.00 Gb Available in Paging File | 96.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.22 Gb Total Space | 738.72 Gb Free Space | 80.45% Space Free | Partition Type: NTFS

Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/06 02:14:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\rootkitremover\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)

SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2012/10/23 02:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/01/23 11:21:46 | 000,575,816 | --S- | M] (SurfRight B.V.) [On_Demand | Stopped] -- C:\Program Files\SurfRight\Caretaker\AntispamService.exe -- (CaretakerAntispam)

SRV:64bit: - [2011/12/22 16:39:36 | 001,416,520 | --S- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe -- (CaretakerProxy)

SRV:64bit: - [2011/12/22 16:37:44 | 000,222,536 | --S- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe -- (CaretakerUpdate)

SRV:64bit: - [2011/12/22 16:37:24 | 001,490,760 | --S- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\SurfRight\Caretaker\CaretakerService.exe -- (CaretakerSvc)

SRV:64bit: - [2011/04/19 17:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/03/08 15:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)

SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/11 20:53:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/06/19 13:33:06 | 000,173,056 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)

SRV - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/02/24 16:15:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/09/22 08:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2011/08/11 15:48:06 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)

SRV - [2011/05/20 08:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/12/01 13:07:46 | 000,176,128 | ---- | M] (Chicony) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe -- (OSDSvc)

SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)

SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)

SRV - [2010/08/25 18:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/27 14:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/31 13:04:02 | 001,118,208 | ---- | M] () [Auto | Stopped] -- C:\Altair\licensing10.0\security\bin\win64\umt_dist\umt_service.exe -- (Altair UMT)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/11/09 06:37:10 | 000,118,600 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/10/23 02:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/23 02:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/10/23 02:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/10/23 02:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/23 02:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/09/12 20:19:38 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/24 18:07:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/02/24 18:07:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/04/19 17:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/19 16:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/17 22:58:44 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/17 02:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/09/21 19:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/06/08 04:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010/05/20 15:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/03/05 13:48:42 | 001,623,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:64bit: - [2010/03/05 13:48:18 | 001,578,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010/03/05 13:47:48 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010/03/05 13:47:30 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010/03/05 13:47:16 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010/03/05 13:46:54 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010/03/05 13:46:22 | 000,699,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)

DRV:64bit: - [2010/03/05 13:45:48 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010/03/05 13:45:12 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2010/03/05 13:45:12 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2010/03/05 13:44:36 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2010/03/05 13:44:36 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2010/03/05 13:44:04 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2010/03/05 13:44:04 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2009/10/26 23:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/10/26 23:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/04/11 08:58:48 | 000,022,016 | --S- | M] (SurfRight B.V.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctredr15.sys -- (ctredr15.sys)

DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}

IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://findgala.com/?&uid=3259&q={searchTerms}

IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-591801800-512401281-386040104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/12/16 23:39:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/02 20:07:53 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Sebastian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: avast! WebRep = C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\

O1 HOSTS File: ([2013/01/05 10:03:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe (SurfRight B.V.)

O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [Chicony_OSD] C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe ()

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe (http://www.emule-project.net)

O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)

O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [spotify] C:\Users\Sebastian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-591801800-512401281-386040104-1000..\Run: [spotify Web Helper] C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\.DEFAULT..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-18..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)

O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = C:\Program Files (x86)\PPStream\PPStream.exe (PPStream Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-591801800-512401281-386040104-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-591801800-512401281-386040104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CAC5A20-872D-458C-8D66-6C58F50B3872}: DhcpNameServer = 192.168.0.1 205.171.3.25

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 10:49:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/06 04:35:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/01/06 04:28:52 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Skype

[2013/01/06 04:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013/01/06 04:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/01/06 04:24:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2013/01/05 20:04:25 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys

[2013/01/05 19:57:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus

[2013/01/05 19:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus

[2013/01/05 19:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2013/01/05 19:57:26 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2013/01/05 19:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2013/01/05 19:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2013/01/05 19:56:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Downloaded Installations

[2013/01/05 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2013/01/05 11:17:49 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2013/01/05 11:12:44 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\SoftGrid Client

[2013/01/05 11:12:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client

[2013/01/05 11:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)

[2013/01/05 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/01/05 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client

[2013/01/05 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2013/01/05 11:11:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\TP

[2013/01/05 09:57:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/01/05 09:57:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/01/05 09:57:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/01/05 09:57:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/05 09:57:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/05 09:41:53 | 005,019,547 | R--- | C] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe

[2013/01/04 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Programs

[2013/01/04 00:48:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\PC Cleaners

[2013/01/04 00:48:32 | 004,728,200 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe

[2013/01/04 00:48:31 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\PCPro

[2013/01/04 00:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data

[2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfRight

[2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\SurfRight

[2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SurfRight

[2013/01/03 23:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caretaker

[2013/01/03 23:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/01/03 23:28:37 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/01/03 23:27:54 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/03 23:27:54 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/03 23:27:54 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/03 23:23:14 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

[2013/01/03 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2013/01/03 23:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2013/01/03 23:22:15 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\TestApp

[2013/01/03 23:20:48 | 001,081,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/01/03 23:20:48 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/01/03 23:20:45 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/01/03 23:20:45 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/01/03 23:20:45 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/01/03 23:11:25 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2013/01/03 22:59:06 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2013/01/02 20:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2013/01/02 19:45:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/01/02 19:45:47 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/01/02 19:45:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/01/02 19:45:45 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/17 03:09:20 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/12/17 03:09:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/12/17 03:02:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/12/17 03:02:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/12/17 03:02:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/12/17 03:02:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/12/17 03:02:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/12/17 03:02:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/12/17 03:02:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/12/17 03:02:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/12/17 03:02:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/12/17 03:02:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/12/17 03:02:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/12/17 03:02:18 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/12/17 03:02:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/12/17 03:02:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/12/17 03:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/12/17 03:01:46 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/12/17 03:01:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/12/17 03:01:45 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/12/17 03:01:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/12/16 23:39:43 | 000,010,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys

[2012/12/16 23:39:34 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe

[2012/12/16 23:39:32 | 000,771,096 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys

[2012/12/16 23:39:32 | 000,515,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys

[2012/12/16 23:39:32 | 000,339,776 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys

[2012/12/16 23:39:32 | 000,309,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys

[2012/12/16 23:39:32 | 000,178,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys

[2012/12/16 23:39:32 | 000,106,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys

[2012/12/16 23:39:32 | 000,069,672 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys

[2012/12/16 20:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/12/16 20:58:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\rkill

[2012/12/16 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012/12/16 20:43:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/12/16 20:43:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/12/16 20:43:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/12/16 20:43:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/12/16 20:43:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/12/16 20:43:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/12/16 20:43:07 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/12/16 20:43:07 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/12/16 20:43:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012/12/16 20:43:01 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/12/16 20:42:57 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/12/16 20:42:57 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/12/16 20:42:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/12/16 20:42:56 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/12/16 20:42:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/12/16 20:42:56 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/12/16 20:42:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/12/16 20:42:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/12/16 20:42:49 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/12/16 20:42:48 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/12/16 20:42:48 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/12/16 20:42:48 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/12/16 20:42:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/12/16 20:42:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/12/16 20:42:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/12/16 20:42:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/12/16 20:42:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/12/16 20:42:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/12/16 20:42:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/12/16 20:42:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/12/16 20:42:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/12/16 20:42:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/12/16 20:42:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/12/16 20:42:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/16 20:42:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/16 20:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/16 20:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/16 20:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/12/16 20:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/12/16 20:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/16 20:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/12/16 20:42:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/12/16 20:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/12/16 20:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/12/16 20:42:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/12/16 20:42:39 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2012/12/16 20:42:39 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2012/12/16 20:42:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/12/16 20:42:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012/12/16 20:42:19 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/12/16 20:42:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/12/16 20:18:10 | 000,000,000 | ---D | C] -- C:\rootkitremover

[2012/12/16 00:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/16 00:44:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/12/16 00:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/12/15 02:24:08 | 000,118,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfetdi2k.sys

========== Files - Modified Within 30 Days ==========

[2013/01/06 11:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/06 11:02:35 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/06 10:58:15 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2013/01/06 10:18:32 | 000,063,640 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx

[2013/01/06 10:18:32 | 000,063,640 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx

[2013/01/06 10:18:32 | 000,001,376 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000000-00001102-0000000B-00441102}.rfx

[2013/01/06 10:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/06 10:07:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000UA.job

[2013/01/06 05:53:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/06 05:53:28 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/06 05:00:05 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/06 05:00:05 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/06 04:59:57 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/05 19:59:52 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2013/01/05 19:03:52 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-591801800-512401281-386040104-1000Core.job

[2013/01/05 10:03:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/01/05 09:56:17 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/05 09:42:28 | 005,019,547 | R--- | M] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe

[2013/01/04 21:46:00 | 001,806,838 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2013/01/04 00:53:09 | 004,728,200 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe

[2013/01/04 00:24:02 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk

[2013/01/03 23:56:41 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2013/01/03 23:27:51 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/03 23:27:42 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/01/03 23:27:42 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/03 23:27:41 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/03 23:27:39 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013/01/03 23:27:39 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/01/03 23:20:42 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/01/03 23:20:42 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013/01/03 23:20:42 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/01/03 23:20:42 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/01/03 23:20:42 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/01/03 23:20:42 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/01/03 23:11:25 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe

[2013/01/03 22:59:06 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2013/01/02 19:52:40 | 000,322,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/12/17 06:43:13 | 000,038,096 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys

[2012/12/16 19:58:22 | 000,001,669 | ---- | M] () -- C:\Users\Sebastian\Desktop\Desktop.rar

[2012/12/16 19:57:11 | 000,000,555 | ---- | M] () -- C:\Users\Sebastian\Desktop\MBR.rar

[2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/12/12 03:02:08 | 000,002,507 | ---- | M] () -- C:\Users\Sebastian\Desktop\Google Chrome.lnk

[2012/12/11 20:53:50 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/12/11 20:53:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/11 20:53:43 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

========== Files Created - No Company Name ==========

[2013/01/05 19:57:29 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2013/01/05 09:57:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/01/05 09:57:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/01/05 09:57:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/01/05 09:57:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/01/05 09:57:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/01/04 00:24:02 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\SyncUP.lnk

[2013/01/03 23:23:19 | 001,806,838 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/12/17 03:09:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/12/17 03:01:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/12/16 19:58:22 | 000,001,669 | ---- | C] () -- C:\Users\Sebastian\Desktop\Desktop.rar

[2012/12/16 19:57:11 | 000,000,555 | ---- | C] () -- C:\Users\Sebastian\Desktop\MBR.rar

[2012/07/22 13:46:21 | 067,817,370 | ---- | C] () -- C:\Users\Sebastian\P90X 12 - Ab Ripper X.mp4

[2012/07/22 13:46:17 | 177,323,321 | ---- | C] () -- C:\Users\Sebastian\P90X 11 - Cardio X.mp4

[2012/07/22 13:46:15 | 282,987,030 | ---- | C] () -- C:\Users\Sebastian\P90X 10 - Back & Biceps.mp4

[2012/07/22 13:46:12 | 303,599,084 | ---- | C] () -- C:\Users\Sebastian\P90X 09 - Chest & Shoulders & Triceps.mp4

[2012/07/22 13:46:08 | 241,288,538 | ---- | C] () -- C:\Users\Sebastian\P90X 08 - Core Synergistics.mp4

[2012/07/22 13:46:05 | 241,728,168 | ---- | C] () -- C:\Users\Sebastian\P90X 07 - X Stretch.mp4

[2012/07/22 13:46:02 | 248,433,499 | ---- | C] () -- C:\Users\Sebastian\P90X 06 - Kenpo X.mp4

[2012/07/22 13:46:01 | 314,455,103 | ---- | C] () -- C:\Users\Sebastian\P90X 05 - Legs & Back.mp4

[2012/07/22 13:45:57 | 379,152,421 | ---- | C] () -- C:\Users\Sebastian\P90X 04 - Yoga X.mp4

[2012/07/22 13:45:54 | 321,005,498 | ---- | C] () -- C:\Users\Sebastian\P90X 03 - Shoulders & Arms.mp4

[2012/07/22 13:45:47 | 248,628,523 | ---- | C] () -- C:\Users\Sebastian\P90X 02 - Plyometrics.mp4

[2012/07/22 13:45:44 | 285,558,879 | ---- | C] () -- C:\Users\Sebastian\P90X 01 - Chest & Back.mp4

[2012/07/17 20:41:46 | 484,393,492 | ---- | C] () -- C:\Users\Sebastian\P90X Beachbody - Hip Hop Abs.avi

[2012/07/15 22:13:57 | 011,474,436 | ---- | C] () -- C:\Users\Sebastian\P90x Diet Guide - Beachbody.pdf

[2012/07/15 22:13:49 | 2634,411,960 | ---- | C] () -- C:\Users\Sebastian\p90x_all_videos_hi_quality.zip

[2012/03/05 22:18:47 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2012/02/24 18:12:09 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012/02/24 18:12:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012/02/24 17:57:39 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012/02/24 17:55:59 | 000,386,451 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat

[2012/02/24 17:55:59 | 000,051,902 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat

[2012/02/24 17:55:59 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll

[2012/02/24 17:55:58 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

[2012/02/24 17:55:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe

[2012/02/24 17:55:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[2012/02/24 17:55:55 | 000,030,299 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2012/02/24 17:55:55 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2012/02/24 17:55:55 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2012/02/24 16:56:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/04/19 20:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/02/10 08:10:51 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/06 05:44:15 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ad-Aware Antivirus

[2013/01/05 09:51:36 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Dropbox

[2012/03/03 21:44:02 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Fingertapps

[2013/01/04 00:48:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PC Cleaners

[2013/01/04 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PCPro

[2013/01/05 09:52:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PPStream

[2013/01/06 05:44:10 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\SoftGrid Client

[2013/01/06 10:54:33 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Spotify

[2013/01/03 23:22:15 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TestApp

[2013/01/05 11:12:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TP

[2012/09/10 18:21:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ufasoft

[2012/07/30 19:23:43 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\youku

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2012/07/23 09:20:48 | 005,295,666 | ---- | M] ()(C:\Users\Sebastian\??? - ???.mp3) -- C:\Users\Sebastian\韋禮安 - 因為愛.mp3

[2012/07/22 13:13:51 | 005,295,666 | ---- | C] ()(C:\Users\Sebastian\??? - ???.mp3) -- C:\Users\Sebastian\韋禮安 - 因為愛.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >


OTL Extras logfile created on: 1/6/2013 2:32:00 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\rootkitremover

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.58 Gb Available Physical Memory | 84.94% Memory free

31.96 Gb Paging File | 28.69 Gb Available in Paging File | 89.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.22 Gb Total Space | 738.85 Gb Free Space | 80.47% Space Free | Partition Type: NTFS

Computer Name: SEBASTIAN-PC | User Name: Sebastian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{4C1D65AD-A6D1-4E1B-97CA-63EB623EFD50}C:\program files (x86)\ppstream\ppsap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |

"TCP Query User{973ACBB0-BF10-476A-A159-684545D7AB86}C:\users\sebastian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\spotify\spotify.exe |

"TCP Query User{AAA3B3BA-9ECB-41B8-B70F-A75E66E4D70E}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |

"TCP Query User{E917EA6B-FF98-4EE1-944B-31CD2C4ABC2B}C:\users\sebastian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\spotify\spotify.exe |

"UDP Query User{00B705DC-BB19-4410-AAA6-FD2897103A84}C:\program files (x86)\ppstream\ppsap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |

"UDP Query User{63ABA74B-4D05-439C-A275-0F5A97338A40}C:\users\sebastian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\spotify\spotify.exe |

"UDP Query User{64799906-BEB7-4937-9E01-865D636EE6A8}C:\users\sebastian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\spotify\spotify.exe |

"UDP Query User{688FD59F-3009-4069-8ABE-33879AB81433}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)

"{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{AEB46DCE-9391-4A16-B3DC-1E3520FCD444}" = Caretaker Antispam 1.9.10 (64-bit)

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Dell Support Center" = Dell Support Center

"DW WLAN Card" = DW WLAN Card

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish

"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian

"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean

"{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech

"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio

"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP

"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader

"{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{55586382-6704-4237-AAA7-85FF9C055022}" = Dell KM632 Wireless Keyboard Caps Lock Indicator

"{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{63CC9CC0-B26B-4FDC-B393-C0C7ECEB61CC}" = Altair HyperWorks 10.0win64

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter

"{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC1FDED4-5F1F-49C8-A188-9B21E625BF4F}" = HyperWorks

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian

"{AD4E8E65-65D4-4936-9A8D-54BD3127EA83}" = Altair Licensing 10.0win64

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP

"{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}" = Dell Digital Delivery

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English

"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage

"{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian

"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter

"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"AudioCS" = Creative Audio Control Panel

"avast" = avast! Free Antivirus

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"eMule" = eMule

"GetFLV_is1" = GetFLV 9.1.2.0

"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"MSC" = McAfee SecurityCenter

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"PC Cleaners" = PC Cleaners

"PPStream" = PPStream V2.7.0.1499 Final

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.11 (32-bit)

"Yahoo! Messenger" = Yahoo! Messenger

"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-591801800-512401281-386040104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/5/2012 3:14:52 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2013

Error - 12/5/2012 3:14:53 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/5/2012 3:14:53 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3011

Error - 12/5/2012 3:14:53 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 12/5/2012 3:14:54 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/5/2012 3:14:54 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4009

Error - 12/5/2012 3:14:54 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4009

Error - 12/5/2012 3:14:55 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/5/2012 3:14:55 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5008

Error - 12/5/2012 3:14:55 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

Error - 12/5/2012 3:14:56 AM | Computer Name = Sebastian-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

[ Media Center Events ]

Error - 12/15/2012 1:04:22 AM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 9:04:21 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

Error - 12/15/2012 1:34:01 PM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 9:34:01 AM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)

9:34:01

AM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 9:34:01 AM - Failed

to retrieve SMTiles-2.cab (Error: BITS 0x80070424) 9:34:01 AM - Failed to retrieve

UpdateableMarkup-2.cab (Error: BITS 0x80070424)

Error - 12/15/2012 1:34:03 PM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 9:34:03 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)

Error - 12/15/2012 1:34:30 PM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 9:34:27 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

Error - 12/16/2012 1:00:49 AM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 9:00:49 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)

9:00:49

PM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 9:00:49 PM - Failed

to retrieve SMTiles-2.cab (Error: BITS 0x80070424) 9:00:49 PM - Failed to retrieve

UpdateableMarkup-2.cab (Error: BITS 0x80070424)

Error - 12/16/2012 1:00:50 AM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 9:00:50 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)

Error - 12/16/2012 1:00:51 AM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 9:00:50 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

Error - 12/16/2012 10:42:02 PM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 6:42:02 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)

6:42:02

PM - Failed to retrieve Logos-2.cab (Error: BITS 0x80070424) 6:42:02 PM - Failed

to retrieve SMTiles-2.cab (Error: BITS 0x80070424) 6:42:02 PM - Failed to retrieve

UpdateableMarkup-2.cab (Error: BITS 0x80070424)

Error - 12/16/2012 10:42:03 PM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 6:42:03 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)

Error - 12/16/2012 10:42:06 PM | Computer Name = Sebastian-PC | Source = MCUpdate | ID = 0

Description = 6:42:03 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

[ System Events ]

Error - 1/5/2013 1:52:20 PM | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Browser service.

Error - 1/5/2013 1:53:22 PM | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7034

Description = The Dell Digital Delivery Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 1/5/2013 1:54:21 PM | Computer Name = Sebastian-PC | Source = DCOM | ID = 10010

Description =

Error - 1/5/2013 1:58:24 PM | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7034

Description = The Altair UMT service terminated unexpectedly. It has done this

1 time(s).

Error - 1/5/2013 2:00:22 PM | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 1/5/2013 2:02:32 PM | Computer Name = Sebastian-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 1/5/2013 2:03:28 PM | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 1/5/2013 2:09:37 PM | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 1/5/2013 2:11:16 PM | Computer Name = Sebastian-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 1/5/2013 10:58:53 PM | Computer Name = Sebastian-PC | Source = DCOM | ID = 10010

Description =

< End of report >

Link to post
Share on other sites

What security applications are actually running? I can see McAfee, Avast and Lavasoft Adaware AV...

Run this please:

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.70.0.1100

PC Cleaners

JavaFX 2.1.1

Java 7 Update 10

Java version out of Date!

Adobe Reader 10.1.3 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Ad-Aware Antivirus AdAwareService.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````
