fishtaco254 Posted January 17, 2013 Author ID:635354 Share Posted January 17, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.4.3 (01.15.2013:1)OS: Windows 7 Home Premium x64Ran by Swag on Wed 01/16/2013 at 18:30:44.72Blog: http://thisisudax.blogspot.com~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry Keys~~~ Files~~~ Folders~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 01/16/2013 at 18:39:07.07End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 17, 2013 ID:635442 Share Posted January 17, 2013 Howdy fishtaco254. Please download Malwarebytes Anti-Rootkit here.Unzip the contents to a folder on the Desktop.Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).Follow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Please post the two logs produced.Please note: This tool is still in BETA mode, so please ensure you have backed up any important files. Link to post Share on other sites More sharing options...
fishtaco254 Posted January 18, 2013 Author ID:636252 Share Posted January 18, 2013 Malwarebytes Anti-Rootkit BETA 1.01.0.1016www.malwarebytes.orgDatabase version: v2013.01.09.01Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Swag :: SWAG-PC [administrator]1/18/2013 5:40:54 PMmbar-log-2013-01-18 (17-40-54).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 28042Time elapsed: 3 minute(s), 57 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1016© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 9.0.8112.16421File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 1.696000 GHzAMemory total: 3572072448, free: 1447620608------------ Kernel report ------------CA 01/18/2013 17:36:42------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\mfehidk.sys\SystemRoot\System32\Drivers\PxHlpa64.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\mfewfpk.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\cykbfltr.sys\SystemRoot\system32\DRIVERS\ikbevent.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\cymfltr.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\irstrtdv.sys\SystemRoot\system32\DRIVERS\ISCTD64.sys\SystemRoot\system32\DRIVERS\AMPPAL.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\cyhid.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\iwdbus.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\HdAudio.sys\SystemRoot\system32\drivers\mfeavfk.sys\SystemRoot\system32\drivers\mfefirek.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\CtClsFlt.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\acpials.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\drivers\cfwids.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\drivers\mfeapfk.sys\SystemRoot\system32\DRIVERS\FLxHCIc.sys\SystemRoot\system32\DRIVERS\FLxHCIh.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\Wldap32.dll\Windows\System32\setupapi.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\kernel32.dll\Windows\System32\rpcrt4.dll\Windows\System32\advapi32.dll\Windows\System32\msctf.dll\Windows\System32\ole32.dll\Windows\System32\oleaut32.dll\Windows\System32\psapi.dll\Windows\System32\wininet.dll\Windows\System32\normaliz.dll\Windows\System32\shlwapi.dll\Windows\System32\ws2_32.dll\Windows\System32\usp10.dll\Windows\System32\msvcrt.dll\Windows\System32\comdlg32.dll\Windows\System32\lpk.dll\Windows\System32\clbcatq.dll\Windows\System32\nsi.dll\Windows\System32\shell32.dll\Windows\System32\imm32.dll\Windows\System32\imagehlp.dll\Windows\System32\difxapi.dll\Windows\System32\sechost.dll\Windows\System32\iertutil.dll\Windows\System32\gdi32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\comctl32.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\wintrust.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa800615a060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-0\Lower Device Object: 0xfffffa8004f1c050Lower Device Driver Name: \Driver\iaStor\Driver name found: iaStorInitialization returned 0x0Load Function returned 0x0Initializing...Done!<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800615a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80061579a0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800615a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004f1c050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\------------ End ----------Upper DeviceData: 0xfffff8a00b579680, 0xfffffa800615a060, 0xfffffa8006bfd090Lower DeviceData: 0xfffff8a00b4ac990, 0xfffffa8004f1c050, 0xfffffa8006bf8460<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\Windows\system32\drivers...Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 25B19847Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 38268928 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 38350848 Numsec = 444975104 Partition 3 type is Other (0x84) Partition is NOT ACTIVE. Partition starts at LBA: 483325952 Numsec = 16789504Disk Size: 256060514304 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-500098192-500118192)...Done!Performing system, memory and registry scan...Done!Scan finished======================================= Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 21, 2013 ID:637217 Share Posted January 21, 2013 fishtaco254,My apologies for the delay as I was without internet for two days.Logs are all coming back clean.Please post a fresh log from OTL. Link to post Share on other sites More sharing options...
fishtaco254 Posted January 24, 2013 Author ID:638549 Share Posted January 24, 2013 Still have the ad sliding out occasionallyOTL logfile created on: 1/23/2013 8:40:08 PM - Run 2OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Swag\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.33 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 32.19% Memory free6.65 Gb Paging File | 3.14 Gb Available in Paging File | 47.19% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 212.18 Gb Total Space | 72.80 Gb Free Space | 34.31% Space Free | Partition Type: NTFSComputer Name: SWAG-PC | User Name: Swag | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2013/01/11 05:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swag\Downloads\OTL.exePRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2012/12/11 18:37:26 | 000,079,384 | ---- | M] (Google) -- C:\Users\Swag\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exePRC - [2012/10/28 13:52:22 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Swag\AppData\Roaming\Spotify\spotify.exePRC - [2012/10/28 13:52:22 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Swag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exePRC - [2012/10/09 09:22:48 | 000,173,568 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exePRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exePRC - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exePRC - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exePRC - [2011/10/18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exePRC - [2011/09/28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exePRC - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exePRC - [2011/09/22 10:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exePRC - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exePRC - [2011/09/21 10:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exePRC - [2011/08/19 11:34:32 | 002,013,168 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exePRC - [2011/08/19 11:34:32 | 000,096,240 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exePRC - [2011/08/19 11:34:28 | 002,451,440 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exePRC - [2011/08/08 18:26:12 | 000,475,200 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exePRC - [2011/08/08 18:26:00 | 000,891,456 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DMR.exePRC - [2011/07/06 19:24:24 | 000,184,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exePRC - [2011/05/04 12:40:18 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2011/05/04 12:40:14 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2011/04/13 10:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exePRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exePRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe========== Modules (No Company Name) ==========MOD - [2013/01/09 20:00:14 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\07ea9ea39e1fddc8e4fe8850c849309e\System.WorkflowServices.ni.dllMOD - [2013/01/09 20:00:00 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dllMOD - [2013/01/09 19:59:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dllMOD - [2013/01/09 19:59:10 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dllMOD - [2013/01/09 19:06:45 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dllMOD - [2013/01/09 19:06:31 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dllMOD - [2013/01/09 19:06:29 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dllMOD - [2013/01/09 19:06:27 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dllMOD - [2013/01/09 19:01:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dllMOD - [2013/01/09 19:01:47 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dllMOD - [2013/01/09 19:01:33 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a013e3b347de5b1b608daebdff0d46c0\PresentationFramework.ni.dllMOD - [2013/01/09 19:01:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dllMOD - [2013/01/09 19:01:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dllMOD - [2013/01/09 19:01:11 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dllMOD - [2013/01/09 19:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dllMOD - [2013/01/09 19:00:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dllMOD - [2013/01/09 19:00:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dllMOD - [2013/01/09 19:00:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dllMOD - [2013/01/09 19:00:47 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dllMOD - [2013/01/07 18:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dllMOD - [2013/01/07 18:06:21 | 012,459,624 | ---- | M] () -- C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dllMOD - [2013/01/07 18:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dllMOD - [2013/01/07 18:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dllMOD - [2013/01/07 18:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dllMOD - [2013/01/07 18:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dllMOD - [2012/10/28 13:52:22 | 020,220,376 | ---- | M] () -- C:\Users\Swag\AppData\Roaming\Spotify\Data\libcef.dllMOD - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exeMOD - [2011/08/19 11:34:44 | 000,089,584 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dllMOD - [2011/08/19 11:34:32 | 000,059,888 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dllMOD - [2011/08/19 11:34:22 | 000,251,888 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dllMOD - [2011/08/08 18:26:12 | 000,475,200 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exeMOD - [2011/08/08 18:26:00 | 000,891,456 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DMR.exeMOD - [2011/07/17 10:35:36 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dllMOD - [2011/07/06 16:53:52 | 000,068,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\DMRUI.dllMOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dllMOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dllMOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dllMOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dllMOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dllMOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dllMOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dllMOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dllMOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dllMOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exeMOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dllMOD - [2007/04/19 08:28:58 | 000,436,992 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\fpxlib.dllMOD - [2007/04/13 09:39:14 | 000,252,672 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\kgl.dll========== Services (SafeList) ==========SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)SRV:64bit: - [2012/11/09 06:33:08 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)SRV:64bit: - [2012/05/09 16:09:46 | 000,200,808 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)SRV:64bit: - [2011/11/10 12:15:06 | 000,121,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)SRV:64bit: - [2011/09/15 18:41:28 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2011/09/15 18:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)SRV:64bit: - [2011/09/15 18:24:52 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2011/09/15 09:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)SRV:64bit: - [2011/03/08 17:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2013/01/08 18:27:58 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/01/08 15:19:46 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/10/09 09:22:48 | 000,173,568 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/10/18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)SRV - [2011/10/18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)SRV - [2011/10/18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)SRV - [2011/09/28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)SRV - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)SRV - [2011/08/19 11:34:28 | 002,451,440 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)SRV - [2011/07/06 19:24:24 | 000,184,320 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)SRV - [2011/05/04 12:40:18 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2011/05/04 12:40:14 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)DRV:64bit: - [2012/11/09 06:36:30 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)DRV:64bit: - [2012/11/02 15:38:36 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)DRV:64bit: - [2012/09/28 21:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)DRV:64bit: - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)DRV:64bit: - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/24 05:18:11 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2012/02/24 05:18:11 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/12/08 16:40:38 | 000,079,872 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cymfltr.sys -- (cymfltrService)DRV:64bit: - [2011/12/08 16:40:36 | 000,117,248 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cyhid.sys -- (cyhid)DRV:64bit: - [2011/11/10 12:07:08 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)DRV:64bit: - [2011/11/10 12:07:06 | 000,025,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)DRV:64bit: - [2011/10/18 22:35:58 | 000,013,824 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cykbfltr.sys -- (cykbfltrService)DRV:64bit: - [2011/10/11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)DRV:64bit: - [2011/10/10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)DRV:64bit: - [2011/10/04 14:04:30 | 000,215,296 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)DRV:64bit: - [2011/10/04 14:04:30 | 000,070,912 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)DRV:64bit: - [2011/09/18 05:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)DRV:64bit: - [2011/09/15 09:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)DRV:64bit: - [2011/09/15 09:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)DRV:64bit: - [2011/09/08 16:20:56 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)DRV:64bit: - [2011/09/08 16:20:56 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)DRV:64bit: - [2011/08/29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)DRV:64bit: - [2011/07/19 17:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/06/16 08:50:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)DRV:64bit: - [2011/05/20 12:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)DRV:64bit: - [2011/01/20 11:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)DRV:64bit: - [2009/10/02 16:29:24 | 000,056,320 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88178.sys -- (AX88178)DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 18:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKCU\..\SearchScopes,DefaultScope = {25946E0D-9F7A-4887-ADEA-F4953ECCBC44}IE - HKCU\..\SearchScopes\{25946E0D-9F7A-4887-ADEA-F4953ECCBC44}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=011313&q={searchTerms}&src=IE-SearchBoxIE - HKCU\..\SearchScopes\{2834E9C8-4F62-47D8-9F94-518C8E661BEE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcSearchScopesIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Swag\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Swag\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Swag\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Swag\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Swag\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2012/02/24 03:48:46 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/12/11 17:20:54 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/18 17:38:43 | 000,000,000 | ---D | M]========== Chrome ==========CHR - homepage: http://g.msn.com/USCON/1CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://g.msn.com/USCON/1CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Swag\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dllCHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Google Update (Enabled) = C:\Users\Swag\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dllCHR - plugin: Default Plug-in (Enabled) = default_pluginCHR - Extension: YouTube = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\CHR - Extension: Adblock Plus = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\CHR - Extension: Google Search = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\CHR - Extension: Google Calendar = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\CHR - Extension: Google +1 Button = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\CHR - Extension: Man of Steel = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfmphhfikndpfbllhdojajhgpmlnlef\1_0\CHR - Extension: Hover Zoom = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.9_0\CHR - Extension: Gmail = C:\Users\Swag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\O1 HOSTS File: ([2013/01/10 16:01:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120630100026.dll (McAfee, Inc.)O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120630100026.dll (McAfee, Inc.)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)O4:64bit: - HKLM..\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)O4:64bit: - HKLM..\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)O4 - HKLM..\Run: [FAStartup] File not foundO4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKCU..\Run: [Facebook Update] C:\Users\Swag\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)O4 - HKCU..\Run: [googletalk] C:\Users\Swag\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Swag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O13 - gopher Prefix: missingO15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EAB716A-8BA9-43B9-BC10-7BAC604D05D6}: DhcpNameServer = 18.0.0.1 18.0.0.3O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBCA90FC-C7F9-403B-91C0-DD33AB07FD41}: DhcpNameServer = 192.168.0.1O18:64bit: - Protocol\Handler\cozi - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/01/23 20:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee[2013/01/21 12:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center[2013/01/21 12:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center[2013/01/20 12:53:43 | 000,000,000 | ---D | C] -- C:\Users\Swag\We.Are.Legion.2012.DVDRip.x264-NOGRP[2013/01/20 10:24:33 | 000,000,000 | ---D | C] -- C:\Users\Swag\Act of Valor (2012) [1080p][2013/01/19 19:47:03 | 000,000,000 | ---D | C] -- C:\Users\Swag\That's My Boy (2012) 720p BRRip x264 AAC-Anarchy[2013/01/18 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\Swag\Desktop\mbar[2013/01/16 18:30:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/01/16 18:30:27 | 000,000,000 | ---D | C] -- C:\JRT[2013/01/14 18:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro[2013/01/13 20:04:26 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll[2013/01/13 06:00:45 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll[2013/01/13 06:00:45 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll[2013/01/13 06:00:45 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl[2013/01/13 06:00:45 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll[2013/01/13 06:00:45 | 000,376,936 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll[2013/01/13 06:00:45 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll[2013/01/13 06:00:45 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll[2013/01/13 06:00:45 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll[2013/01/13 06:00:45 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll[2013/01/13 06:00:45 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll[2013/01/13 06:00:45 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll[2013/01/13 06:00:44 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll[2013/01/13 06:00:44 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCORES64.dat[2013/01/13 06:00:44 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll[2013/01/13 06:00:44 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll[2013/01/13 06:00:44 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll[2013/01/13 06:00:44 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll[2013/01/13 06:00:44 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll[2013/01/13 06:00:44 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll[2013/01/13 06:00:44 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll[2013/01/13 06:00:44 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll[2013/01/13 06:00:44 | 000,626,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll[2013/01/13 06:00:44 | 000,576,856 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll[2013/01/13 06:00:44 | 000,561,792 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll[2013/01/13 06:00:44 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll[2013/01/13 06:00:44 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll[2013/01/13 06:00:44 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll[2013/01/13 06:00:44 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll[2013/01/13 06:00:44 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll[2013/01/13 06:00:44 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll[2013/01/13 06:00:44 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll[2013/01/13 06:00:44 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll[2013/01/13 06:00:44 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll[2013/01/13 06:00:44 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll[2013/01/13 06:00:44 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll[2013/01/13 06:00:44 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll[2013/01/13 06:00:44 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll[2013/01/13 06:00:43 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll[2013/01/13 06:00:43 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll[2013/01/13 06:00:43 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll[2013/01/13 06:00:43 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll[2013/01/13 06:00:43 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll[2013/01/13 06:00:43 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll[2013/01/13 06:00:43 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll[2013/01/13 06:00:43 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll[2013/01/13 06:00:43 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll[2013/01/13 06:00:43 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll[2013/01/13 06:00:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll[2013/01/13 06:00:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll[2013/01/13 06:00:43 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll[2013/01/13 06:00:43 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll[2013/01/13 06:00:43 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll[2013/01/12 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\Swag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell[2013/01/12 18:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype[2013/01/12 18:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype[2013/01/11 17:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET[2013/01/11 16:54:11 | 000,000,000 | ---D | C] -- C:\Users\Swag\Desktop\RK_Quarantine[2013/01/11 16:50:10 | 000,000,000 | ---D | C] -- C:\_OTL[2013/01/10 18:55:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/01/10 16:03:36 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/01/10 15:56:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/01/10 15:56:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013/01/10 15:56:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/01/10 15:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/01/10 15:56:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/01/09 21:29:19 | 000,000,000 | ---D | C] -- C:\Users\Swag\AppData\Roaming\Malwarebytes[2013/01/09 21:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/01/09 21:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/01/09 21:29:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/01/09 21:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/01/09 21:28:53 | 000,000,000 | ---D | C] -- C:\Users\Swag\AppData\Local\Programs[2013/01/09 21:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HLP Free PC Cleaner[2013/01/09 21:21:05 | 001,077,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx[2013/01/09 21:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HLPSOFT[2013/01/09 20:54:54 | 000,000,000 | ---D | C] -- C:\Users\Swag\AppData\Local\Microsoft Games[2013/01/09 18:33:42 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2013/01/09 18:33:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2013/01/09 18:33:27 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll[2013/01/09 18:33:26 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll[2013/01/09 18:33:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs[2013/01/09 18:33:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs[2013/01/09 18:33:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs[2013/01/09 18:33:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs[2013/01/09 18:33:19 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs[2013/01/09 18:33:19 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs[2013/01/09 18:33:19 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs[2013/01/09 18:33:19 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs[2013/01/09 18:33:19 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs[2013/01/09 18:33:19 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs[2013/01/09 18:33:19 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs[2013/01/09 18:33:19 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs[2013/01/09 18:33:19 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs[2013/01/09 18:33:19 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs[2013/01/09 18:33:19 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs[2013/01/09 18:33:19 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs[2013/01/09 18:33:19 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs[2013/01/09 18:33:19 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs[2013/01/09 18:33:18 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll[2013/01/09 18:33:18 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll[2013/01/09 18:33:18 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll[2013/01/09 18:33:18 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll[2013/01/09 18:33:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs[2013/01/09 18:33:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs[2013/01/09 18:33:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs[2013/01/09 18:33:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs[2013/01/09 18:33:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs[2013/01/09 18:33:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs[2013/01/09 18:33:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs[2013/01/09 18:33:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs[2013/01/09 18:33:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs[2013/01/09 18:33:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs[2013/01/09 18:32:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll[2013/01/09 18:32:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll[2013/01/09 18:32:34 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll[2013/01/09 18:32:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe[2013/01/09 18:32:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll[2013/01/09 18:32:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll[2013/01/09 18:32:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll[2013/01/09 18:32:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2013/01/09 18:32:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll[2013/01/09 18:32:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2013/01/09 18:32:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll[2013/01/09 18:32:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll[2013/01/09 18:32:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll[2013/01/09 18:32:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll[2013/01/09 18:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll[2013/01/09 18:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll[2013/01/09 18:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll[2013/01/09 18:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll[2013/01/09 18:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll[2013/01/09 18:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll[2013/01/09 18:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll[2013/01/09 18:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll[2013/01/09 18:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll[2013/01/09 18:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll[2013/01/09 18:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll[2013/01/09 18:32:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll[2013/01/09 18:32:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll[2013/01/09 18:32:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll[2013/01/09 18:32:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll[2013/01/09 18:32:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll[2013/01/09 18:32:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll[2013/01/09 18:32:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll[2013/01/09 18:32:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2013/01/09 18:32:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2013/01/09 18:32:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll[2013/01/09 18:32:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll[2013/01/09 18:32:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll[2013/01/09 18:32:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll[2013/01/09 18:32:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/01/09 18:32:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll[2013/01/09 18:32:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll[2013/01/09 18:32:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll[2013/01/09 18:32:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll[2013/01/09 18:32:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll[2013/01/09 18:32:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll[2013/01/09 18:32:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2013/01/09 18:32:09 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe[2013/01/06 09:42:08 | 000,000,000 | ---D | C] -- C:\Users\Swag\The.Big.Bang.Theory.S02.720p.HDTV.x264.AC3[2013/01/05 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Swag\The Big Bang Theory Season 3 Complete 720p[2013/01/05 10:42:11 | 000,000,000 | ---D | C] -- C:\Users\Swag\The Big Bang Theory - The Complete Season 5 [HDTV] + EXTRA[2012/12/31 20:26:36 | 000,000,000 | ---D | C] -- C:\Users\Swag\Ted (2012) [1080p][2012/12/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Users\Swag\Never Back Down (2008) [1080p][2012/12/25 22:56:33 | 000,000,000 | ---D | C] -- C:\Users\Swag\Taylor Swift - Red (Deluxe Edition ) (Album - 2012) - [HP]========== Files - Modified Within 30 Days ==========[2013/01/23 20:40:19 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001Core.job[2013/01/23 20:30:21 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001UA.job[2013/01/23 20:30:14 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001UA.job[2013/01/23 20:30:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/01/23 20:30:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/01/22 21:38:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001Core.job[2013/01/21 17:47:02 | 000,001,978 | ---- | M] () -- C:\Users\Swag\AppData\Roaming\AbsoluteReminder.xml[2013/01/21 12:42:05 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/01/21 12:42:05 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/01/21 12:41:05 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/01/21 12:41:05 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/01/21 12:41:05 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/01/21 12:34:54 | 000,276,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/01/21 12:33:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf[2013/01/21 12:33:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf[2013/01/21 12:27:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf[2013/01/14 18:50:22 | 000,001,096 | ---- | M] () -- C:\Users\Swag\Desktop\HitmanPro_20130114_1849.zip[2013/01/14 18:49:11 | 000,011,710 | ---- | M] () -- C:\Users\Swag\Desktop\HitmanPro_20130114_1849.xml[2013/01/13 20:05:51 | 000,190,454 | ---- | M] () -- C:\Windows\SysNative\drivers\RTWAVES40.dat[2013/01/10 16:01:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/01/09 21:29:09 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/01/09 18:52:49 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013/01/08 18:27:56 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/01/08 18:27:56 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl========== Files Created - No Company Name ==========[2013/01/21 12:33:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf[2013/01/21 12:33:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf[2013/01/21 12:27:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf[2013/01/14 18:50:22 | 000,001,096 | ---- | C] () -- C:\Users\Swag\Desktop\HitmanPro_20130114_1849.zip[2013/01/14 18:49:11 | 000,011,710 | ---- | C] () -- C:\Users\Swag\Desktop\HitmanPro_20130114_1849.xml[2013/01/13 06:00:44 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT[2013/01/10 15:56:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2013/01/10 15:56:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013/01/10 15:56:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013/01/10 15:56:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013/01/10 15:56:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2013/01/09 21:29:09 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/11/19 11:12:22 | 168,616,500 | ---- | C] () -- C:\Users\Swag\cm-10-20121118-EXPERIMENTAL-d2spr-bass-bluetooth-test.zip[2012/11/18 10:12:11 | 006,898,796 | ---- | C] () -- C:\Users\Swag\Timomatic - Set It Off.mp3[2012/06/30 07:49:06 | 000,001,978 | ---- | C] () -- C:\Users\Swag\AppData\Roaming\AbsoluteReminder.xml[2012/03/31 11:46:46 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat[2012/03/31 11:46:46 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat[2012/02/24 04:58:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2012/02/24 04:58:37 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2012/02/24 04:58:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2012/02/24 04:58:35 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2012/02/24 04:58:34 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll[2011/08/19 11:34:44 | 000,089,584 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll[2011/08/19 11:34:32 | 000,059,888 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll[2011/08/19 11:34:22 | 000,251,888 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll[2011/02/10 10:10:51 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI========== ZeroAccess Check ==========[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]< End of report > Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 24, 2013 ID:638618 Share Posted January 24, 2013 Good afternoon fishtaco254. OK well OTL came up clean. Let's get a little more information first.Does it happen in all your browsers? Link to post Share on other sites More sharing options...
fishtaco254 Posted January 28, 2013 Author ID:640646 Share Posted January 28, 2013 Yes it's happening in both chrome and IE. If I upgrade to windows 8 would it rid the problem? I was wanting to upgrade anyway. Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 29, 2013 ID:640748 Share Posted January 29, 2013 Hey fishtaco254,Most likely. If you save your files and reformat with Windows 8 it will be gone. Let me know what you want to do. Link to post Share on other sites More sharing options...
fishtaco254 Posted January 31, 2013 Author ID:641630 Share Posted January 31, 2013 Yea I'll just put windows 8 on my comp. It offers a 2gb download of it. What's the best way to backup my data? Thanks for the help Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 31, 2013 ID:641751 Share Posted January 31, 2013 Hello fishtaco254,When you reformat you will get the option to not wipe your files. In addition, you could use a hard drive or a CD.Please let me know how it goes. Link to post Share on other sites More sharing options...
fishtaco254 Posted February 5, 2013 Author ID:643648 Share Posted February 5, 2013 Well me being the moron that I am I didn't realize microsoft was ending the $39.99 upgrade to W8 on jan 31st.. so I guess I need to press on fixing this issue. Unless you know of a way to get it at $39.99 still. Thanks Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 5, 2013 ID:643671 Share Posted February 5, 2013 Hello fishtaco254,For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using the Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt.[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select Computer, find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to the disclaimer.[*]Press the Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply. Link to post Share on other sites More sharing options...
LDTate Posted February 15, 2013 ID:647375 Share Posted February 15, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 18, 2013 ID:648589 Share Posted February 18, 2013 Hey fishtaco254,Please follow the instructions in my previous post. Link to post Share on other sites More sharing options...
fishtaco254 Posted February 18, 2013 Author ID:648647 Share Posted February 18, 2013 Will do, got a little behind. Will do this either today or tomorrow thanks! Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 19, 2013 ID:648749 Share Posted February 19, 2013 No worries. Link to post Share on other sites More sharing options...
fishtaco254 Posted February 20, 2013 Author ID:649077 Share Posted February 20, 2013 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013 (ATTENTION: FRST version is 13 days old)Ran by SYSTEM at 19-02-2013 21:32:02Running from E:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001==================== Registry (Whitelisted) ===================HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-09-15] (Intel® Corporation)HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)HKLM\...\Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet [2034752 2011-08-08] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-29] (Adobe Systems Incorporated)HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [482661 2011-11-03] ()HKLM\...\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-11-08] (Cypress Semiconductor Corporation)HKLM\...\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-18] (Cypress Semiconductor, Inc.)HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2012-06-12] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 [1212560 2012-06-13] (Realtek Semiconductor)HKLM\...\Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-12-10] (Dell Inc.)HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [96240 2011-08-19] (Sensible Vision )HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2829241 2011-11-03] ()HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [FAStartup] [x]HKU\Swag\...\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" [495616 2007-09-02] ()HKU\Swag\...\Run: [Facebook Update] "C:\Users\Swag\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)HKU\Swag\...\Run: [spotify Web Helper] "C:\Users\Swag\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-28] (Spotify Ltd)HKU\Swag\...\Run: [googletalk] C:\Users\Swag\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)HKU\Swag\...\Run: [Google Update] "C:\Users\Swag\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-03-06] (Google Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Lsa: [Notification Packages] scecli FAPassSyncStartup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnkShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()==================== Services (Whitelisted) ===================2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation)2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [121856 2011-11-10] ()2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-12-26] (McAfee, Inc.)2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-12-26] (McAfee, Inc.)2 mfevtp; "C:\Windows\system32\mfevtps.exe" [182312 2012-12-26] (McAfee, Inc.)2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [200808 2012-05-09] (Realtek Semiconductor)==================== Drivers (Whitelisted) =====================3 AX88178; C:\Windows\System32\Drivers\AX88178.sys [56320 2009-10-02] (ASIX Electronics Corp.)3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)3 cyhid; C:\Windows\System32\Drivers\cyhid.sys [117248 2011-12-08] (Cypress Semiconductor, Inc.)3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-10-18] (Cypress Semiconductor, Inc.)3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-12-08] (Cypress Semiconductor, Inc.)3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [70912 2011-10-04] (Fresco Logic)3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)3 ikbevent; C:\Windows\System32\Drivers\ikbevent.sys [25024 2011-11-10] ()3 irstrtdv; C:\Windows\System32\Drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-11-10] ()3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)3 catchme; \??\C:\ComboFix\catchme.sys [x]3 mfeavfk01; [x]3 TDKLIB; \??\C:\Users\Swag\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [x]==================== NetSvcs (Whitelisted) ======================================== One Month Created Files and Folders ========2013-02-19 21:31 - 2013-02-19 21:31 - 00000000 ____D C:\FRST2013-02-19 21:23 - 2013-02-19 21:23 - 01464401 ____A (Farbar) C:\Users\Swag\Downloads\FRST64 (1).exe2013-02-17 18:02 - 2013-02-17 18:42 - 00000000 ____D C:\Users\Swag\Project X (2012) [1080p]2013-02-17 17:57 - 2013-02-17 18:04 - 00000000 ____D C:\Users\Swag\Halo.4.Forward.Unto.Dawn.2012.BDRip.XviD-GECKOS2013-02-15 07:56 - 2013-01-08 19:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-02-15 07:56 - 2013-01-08 19:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-02-15 07:56 - 2013-01-08 19:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-02-15 07:56 - 2013-01-08 19:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-02-15 07:56 - 2013-01-08 19:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-02-15 07:56 - 2013-01-08 19:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-02-15 07:56 - 2013-01-08 19:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-02-15 07:56 - 2013-01-08 19:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-02-15 07:56 - 2013-01-08 19:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-02-15 07:56 - 2013-01-08 19:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-02-15 07:56 - 2013-01-08 19:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-02-15 07:56 - 2013-01-08 19:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-02-15 07:56 - 2013-01-08 19:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-02-15 07:56 - 2013-01-08 19:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-02-15 07:56 - 2013-01-08 19:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-02-15 07:56 - 2013-01-08 19:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-02-15 07:56 - 2013-01-08 16:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-02-15 07:56 - 2013-01-08 16:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-02-15 07:56 - 2013-01-08 16:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-02-15 07:56 - 2013-01-08 16:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-02-15 07:56 - 2013-01-08 16:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-02-15 07:56 - 2013-01-08 16:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-02-15 07:56 - 2013-01-08 16:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-02-15 07:56 - 2013-01-08 16:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-02-15 07:56 - 2013-01-08 15:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-02-15 07:56 - 2013-01-08 15:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-02-15 07:56 - 2013-01-08 15:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-02-15 07:56 - 2013-01-08 15:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-02-15 07:56 - 2013-01-08 15:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-02-15 07:56 - 2013-01-08 15:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-02-15 07:56 - 2013-01-08 15:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-02-15 07:56 - 2013-01-08 15:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-02-12 18:56 - 2013-01-04 23:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-02-12 18:56 - 2013-01-04 23:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-02-12 18:56 - 2013-01-04 23:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-02-12 18:56 - 2013-01-03 23:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll2013-02-12 18:56 - 2013-01-03 22:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-02-12 18:56 - 2013-01-03 21:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-02-12 18:56 - 2013-01-03 20:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-02-12 18:56 - 2013-01-03 20:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-02-12 18:56 - 2013-01-03 20:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-02-12 18:56 - 2013-01-03 20:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-02-12 18:56 - 2013-01-03 00:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-02-12 18:56 - 2013-01-03 00:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2013-02-09 19:16 - 2013-02-09 19:16 - 00002055 ____A C:\Users\Swag\Desktop\foobar2000 - Shortcut.lnk2013-02-06 20:36 - 2013-02-06 20:36 - 01464149 ____A (Farbar) C:\Users\Swag\Downloads\FRST64.exe2013-02-05 21:35 - 2013-02-05 21:35 - 00000000 ____D C:\Users\Swag\Application Data\Mozilla2013-02-05 21:35 - 2013-02-05 21:35 - 00000000 ____D C:\Users\Swag\AppData\Roaming\Mozilla2013-02-04 21:11 - 2013-02-04 21:11 - 05487016 ____A (Microsoft Corporation) C:\Users\Swag\Downloads\Windows8-UpgradeAssistant (2).exe2013-01-27 11:37 - 2013-01-27 11:49 - 171822579 ____A C:\Users\Swag\Downloads\cm-10.1-20130127-NIGHTLY-d2spr.zip2013-01-27 08:21 - 2013-01-27 08:21 - 05442160 ____A (Microsoft Corporation) C:\Users\Swag\Downloads\Windows8-UpgradeAssistant (1).exe2013-01-26 22:11 - 2013-01-26 22:12 - 00000000 ____D C:\Users\Swag\Last.Man.Standing.S012013-01-26 12:18 - 2013-01-26 12:19 - 07964160 ____A C:\Users\Swag\Downloads\APP_Quickset_W78_A07_HP6F0-Setup_ZPE.exe2013-01-26 09:39 - 2013-01-26 09:39 - 05442160 ____A (Microsoft Corporation) C:\Users\Swag\Downloads\Windows8-UpgradeAssistant.exe2013-01-21 12:33 - 2013-01-21 12:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf2013-01-21 12:33 - 2013-01-21 12:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf2013-01-21 12:33 - 2013-01-21 12:33 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center2013-01-21 12:27 - 2013-01-21 12:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf2013-01-20 12:53 - 2013-01-20 13:35 - 00000000 ____D C:\Users\Swag\We.Are.Legion.2012.DVDRip.x264-NOGRP2013-01-20 10:24 - 2013-01-20 10:32 - 00000000 ____D C:\Users\Swag\Act of Valor (2012) [1080p]==================== One Month Modified Files and Folders =======2013-02-19 21:31 - 2013-02-19 21:31 - 00000000 ____D C:\FRST2013-02-19 21:25 - 2012-02-24 03:50 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks2013-02-19 21:25 - 2012-02-24 03:50 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks2013-02-19 21:25 - 2012-02-24 03:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2013-02-19 21:25 - 2012-02-24 03:50 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks2013-02-19 21:25 - 2012-02-24 03:50 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks2013-02-19 21:25 - 2012-02-24 03:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks2013-02-19 21:25 - 2012-02-24 03:43 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2013-02-19 21:24 - 2012-03-11 20:33 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001Core.job2013-02-19 21:24 - 2012-03-06 16:02 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001Core.job2013-02-19 21:24 - 2012-02-24 03:24 - 01084029 ____A C:\Windows\WindowsUpdate.log2013-02-19 21:24 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-02-19 21:24 - 2009-07-13 22:51 - 00084124 ____A C:\Windows\setupact.log2013-02-19 21:23 - 2013-02-19 21:23 - 01464401 ____A (Farbar) C:\Users\Swag\Downloads\FRST64 (1).exe2013-02-19 21:22 - 2009-07-13 23:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI2013-02-19 21:20 - 2012-09-05 05:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-02-19 21:20 - 2012-03-11 20:33 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001UA.job2013-02-19 21:20 - 2012-03-06 16:02 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1776734167-4077454340-648305318-1001UA.job2013-02-18 07:54 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-02-18 07:54 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-02-17 22:35 - 2012-03-06 21:12 - 00000000 ____D C:\Users\Swag\Local Settings\CrashDumps2013-02-17 22:35 - 2012-03-06 21:12 - 00000000 ____D C:\Users\Swag\Local Settings\Application Data\CrashDumps2013-02-17 22:35 - 2012-03-06 21:12 - 00000000 ____D C:\Users\Swag\AppData\Local\CrashDumps2013-02-17 22:33 - 2012-03-06 16:46 - 00000000 ____D C:\Users\Swag\Application Data\Spotify2013-02-17 22:33 - 2012-03-06 16:46 - 00000000 ____D C:\Users\Swag\AppData\Roaming\Spotify2013-02-17 22:32 - 2012-05-26 10:06 - 00000000 ____D C:\Users\Swag\Application Data\uTorrent2013-02-17 22:32 - 2012-05-26 10:06 - 00000000 ____D C:\Users\Swag\AppData\Roaming\uTorrent2013-02-17 22:28 - 2012-03-06 16:47 - 00000000 ____D C:\Users\Swag\Local Settings\Spotify2013-02-17 22:28 - 2012-03-06 16:47 - 00000000 ____D C:\Users\Swag\Local Settings\Application Data\Spotify2013-02-17 22:28 - 2012-03-06 16:47 - 00000000 ____D C:\Users\Swag\AppData\Local\Spotify2013-02-17 18:42 - 2013-02-17 18:02 - 00000000 ____D C:\Users\Swag\Project X (2012) [1080p]2013-02-17 18:04 - 2013-02-17 17:57 - 00000000 ____D C:\Users\Swag\Halo.4.Forward.Unto.Dawn.2012.BDRip.XviD-GECKOS2013-02-17 18:02 - 2012-03-06 15:50 - 00000000 ____D C:\users\Swag2013-02-15 09:26 - 2009-07-13 22:45 - 00276128 ____A C:\Windows\System32\FNTCACHE.DAT2013-02-15 07:59 - 2012-03-11 20:29 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-02-15 07:52 - 2012-02-24 03:58 - 00000000 ____D C:\Program Files\Common Files\mcafee2013-02-15 07:52 - 2010-11-20 21:47 - 00032232 ____A C:\Windows\PFRO.log2013-02-13 21:59 - 2012-11-29 14:12 - 00000000 ____D C:\Users\Swag\Application Data\foobar20002013-02-13 21:59 - 2012-11-29 14:12 - 00000000 ____D C:\Users\Swag\AppData\Roaming\foobar20002013-02-12 18:25 - 2012-03-09 19:19 - 00000000 ____D C:\Users\Swag\Application Data\Skype2013-02-12 18:25 - 2012-03-09 19:19 - 00000000 ____D C:\Users\Swag\AppData\Roaming\Skype2013-02-12 16:37 - 2012-04-16 08:12 - 00000000 ____D C:\Program Files\Dell Support Center2013-02-12 16:36 - 2012-03-06 16:00 - 00000000 ____D C:\Users\All Users\PCDr2013-02-12 16:36 - 2012-03-06 16:00 - 00000000 ____D C:\Users\All Users\Application Data\PCDr2013-02-10 20:28 - 2012-09-05 05:51 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-02-10 20:28 - 2012-02-24 03:25 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-02-09 19:16 - 2013-02-09 19:16 - 00002055 ____A C:\Users\Swag\Desktop\foobar2000 - Shortcut.lnk2013-02-09 19:00 - 2012-08-08 19:31 - 00000000 ____D C:\Users\Swag\Application Data\vlc2013-02-09 19:00 - 2012-08-08 19:31 - 00000000 ____D C:\Users\Swag\AppData\Roaming\vlc2013-02-09 19:00 - 2012-06-30 07:49 - 00002070 ____A C:\Users\Swag\Application Data\AbsoluteReminder.xml2013-02-09 19:00 - 2012-06-30 07:49 - 00002070 ____A C:\Users\Swag\AppData\Roaming\AbsoluteReminder.xml2013-02-06 20:36 - 2013-02-06 20:36 - 01464149 ____A (Farbar) C:\Users\Swag\Downloads\FRST64.exe2013-02-05 21:35 - 2013-02-05 21:35 - 00000000 ____D C:\Users\Swag\Application Data\Mozilla2013-02-05 21:35 - 2013-02-05 21:35 - 00000000 ____D C:\Users\Swag\AppData\Roaming\Mozilla2013-02-04 21:11 - 2013-02-04 21:11 - 05487016 ____A (Microsoft Corporation) C:\Users\Swag\Downloads\Windows8-UpgradeAssistant (2).exe2013-02-03 17:57 - 2012-02-24 03:58 - 00000000 ____D C:\Users\All Users\Application Data\Adobe2013-02-03 17:56 - 2012-02-24 03:58 - 00000000 ____D C:\Users\All Users\Adobe2013-01-27 11:49 - 2013-01-27 11:37 - 171822579 ____A C:\Users\Swag\Downloads\cm-10.1-20130127-NIGHTLY-d2spr.zip2013-01-27 08:21 - 2013-01-27 08:21 - 05442160 ____A (Microsoft Corporation) C:\Users\Swag\Downloads\Windows8-UpgradeAssistant (1).exe2013-01-27 01:29 - 2013-01-05 10:42 - 00000000 ____D C:\Users\Swag\The Big Bang Theory Season 3 Complete 720p2013-01-26 22:12 - 2013-01-26 22:11 - 00000000 ____D C:\Users\Swag\Last.Man.Standing.S012013-01-26 12:19 - 2013-01-26 12:18 - 07964160 ____A C:\Users\Swag\Downloads\APP_Quickset_W78_A07_HP6F0-Setup_ZPE.exe2013-01-26 09:39 - 2013-01-26 09:39 - 05442160 ____A (Microsoft Corporation) C:\Users\Swag\Downloads\Windows8-UpgradeAssistant.exe2013-01-23 20:47 - 2013-01-11 05:32 - 00152654 ____A C:\Users\Swag\Downloads\OTL.Txt2013-01-21 12:34 - 2012-03-06 15:51 - 00060064 ____A C:\Users\Swag\Local Settings\GDIPFONTCACHEV1.DAT2013-01-21 12:34 - 2012-03-06 15:51 - 00060064 ____A C:\Users\Swag\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2013-01-21 12:34 - 2012-03-06 15:51 - 00060064 ____A C:\Users\Swag\AppData\Local\GDIPFONTCACHEV1.DAT2013-01-21 12:33 - 2013-01-21 12:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01011.Wdf2013-01-21 12:33 - 2013-01-21 12:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf2013-01-21 12:33 - 2013-01-21 12:33 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center2013-01-21 12:27 - 2013-01-21 12:27 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01011.Wdf2013-01-20 13:35 - 2013-01-20 12:53 - 00000000 ____D C:\Users\Swag\We.Are.Legion.2012.DVDRip.x264-NOGRP2013-01-20 10:32 - 2013-01-20 10:24 - 00000000 ____D C:\Users\Swag\Act of Valor (2012) [1080p]==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-01-21 09:54:34Restore point made on: 2013-01-21 12:33:37Restore point made on: 2013-01-29 00:00:13Restore point made on: 2013-02-12 17:31:07Restore point made on: 2013-02-15 07:56:25==================== Memory info =========================== Percentage of memory in use: 16%Total physical RAM: 3406.59 MBAvailable physical RAM: 2832.63 MBTotal Pagefile: 3404.79 MBAvailable Pagefile: 2835.09 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.89 MB==================== Partitions =============================1 Drive c: (OS) (Fixed) (Total:212.18 GB) (Free:55.75 GB) NTFS2 Drive d: (RECOVERY) (Fixed) (Total:18.25 GB) (Free:8.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]3 Drive e: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT324 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 238 GB 0 B Disk 1 Online 7633 MB 0 B Partitions of Disk 0:===============Disk ID: 25B19847 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 18 GB 40 MB Partition 3 Primary 212 GB 18 GB Partition 4 OEM 8 GB 230 GB==================================================================================Disk: 0Partition 1Type : DEHidden: YesActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 FAT Partition 39 MB Healthy Hidden =========================================================Disk: 0Partition 2Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 0 D RECOVERY NTFS Partition 18 GB Healthy =========================================================Disk: 0Partition 3Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 C OS NTFS Partition 212 GB Healthy =========================================================Disk: 0Partition 4Type : 84Hidden: YesActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 RAW Partition 8 GB Healthy Hidden =========================================================Partitions of Disk 1:===============Disk ID: 00000000 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7633 MB 16 KB==================================================================================Disk: 1Partition 1Type : 0BHidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 E FAT32 Removable 7633 MB Healthy =========================================================Last Boot: 2013-02-16 04:22==================== End Of Log ============================= Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 20, 2013 ID:649121 Share Posted February 20, 2013 Howdy fishtaco254. Please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis: You will only be able to have one file scanned at a time.C:\Users\Swag\AppData\Local\Temp\ExtactTemp\TdkLib64.sysThen click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.Note: If a message appears saying the file has already been analysed, please resend the file. Link to post Share on other sites More sharing options...
fishtaco254 Posted February 20, 2013 Author ID:649413 Share Posted February 20, 2013 Unfortunately I can't find that file. I've tried searching numerous ways and I can't find it... Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 21, 2013 ID:649553 Share Posted February 21, 2013 Good afternoon fishtaco254,To do this, please set Win7 to show hidden/system files and folders so that you can find them:Please click Start and open My Computer.On the Organize tab, click on Folder and search options.On the View tab, uncheck Hide file extensions for known file types.Also uncheck Hide protected operating system files (Recommended) and click Yes on the warning message.Under Hidden files and folders, check Show hidden files, folders, or drives.Click Apply.Click OK and close My Computer.I will give you instructions for hiding them again after it looks like your computer is clean.Now try to find it. Link to post Share on other sites More sharing options...
fishtaco254 Posted February 21, 2013 Author ID:649571 Share Posted February 21, 2013 Still can't find it. I get all the the way to Temp and the trail goes dead, no ExactTemp folder to be found. I tried searching for the file also Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 22, 2013 ID:649786 Share Posted February 22, 2013 Hey fishtaco254,Please download to your Desktop SystemLook by jpshortstuff from here.Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan::filefindTdkLib64.sysWhen finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt. Link to post Share on other sites More sharing options...
fishtaco254 Posted February 22, 2013 Author ID:649791 Share Posted February 22, 2013 <p> </p><div>========== filefind ==========</div><div> </div><div>Searching for "TdkLib64.sys"</div><div>No files found.</div><div> </div><div>-= EOF =-</div> Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 22, 2013 ID:649835 Share Posted February 22, 2013 Hello fishtaco254,So this popup you are seeing is appearing in what browsers? Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 23, 2013 ID:650397 Share Posted February 23, 2013 Just a side note: I am away until Tuesday. Link to post Share on other sites More sharing options...
Recommended Posts