Unknown virus/malware?


Last week, while looking at my Windows 8 startup items, I noticed two unusual items: abcebcaafdacdaad.exe and iqewi.exe. Searching online did not come up with anything. The reason I was looking at the startup items was that my laptop started playing a "vocal" ad and I had no clue where it was coming from; it stopped after I ended those two tasks. When I went to open the folder, they were located in c:users/....app data/roaming. Virus scans did not find anything (Norton, Microsoft, Lavasoft), but I finally managed to delete the files by disabling their startup and then restarting and deleting them. Since then I downloaded the free version of MBAM (Malwarebytes) and do a scan once a day and also check the Roaming folder to see if they have reappeared. Today I ran a scan with MBAM and it came back with nothing found. I looked at my startup items and abcebcaafdacdaad.exe was back (although still disabled from starting). I located its file in Roaming, in a folder named: 50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad. I deleted it without trouble but am now unsecure, for I cannot find any info on it online and MBAM failed to find the threat. Where do I go from here? I have the folder in the trash can; is there a way I can zip it and send it to some place where they study viruses and malware etc.?


Also, prior to my restarting the laptop, disabling acb etc., whenever I would try to delete the file, I would get a message saying cannot delete, file is being used by...., and even when I would end that task, it would jump to a different task and say the file is being used by that task.


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


Here is the MBAM text; I'll add DDS when done.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.9.2

Run by Elvis at 23:40:34 on 2013-04-01

Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.2.1033.18.8071.5091 [GMT -4:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\dwm.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\AdminService.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\dashost.exe

C:\Windows\SysWOW64\irstrtsv.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Synaptics\SynTP\DellTouchpad.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Zune\ZuneNss.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\MetaGeek\inSSIDer 3\inSSIDer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\WinStore\WSHost.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ustart.org/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [skyDrive] "C:\Users\Elvis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [Rogers One Number] "C:\Program Files (x86)\Rogers\Rogers One Number\RogersOneNumber.exe" /startup

uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_168_Plugin.exe -update plugin

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [FAStartup] <no file>

StartupFolder: C:\Users\Elvis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab

TCP: NameServer = 192.168.1.7

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A} : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\34963736F61323238373 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\4456E6E69772370275962756C6563737 : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\45865602741627C69636B602B496E676 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\5414 : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\7594E444D2D4F62696C656D244130353D223242454 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{799B4C83-AB4E-4794-9AD0-5CE7A5164CA2} : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{799B4C83-AB4E-4794-9AD0-5CE7A5164CA2}\5414 : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{799B4C83-AB4E-4794-9AD0-5CE7A5164CA2}\541423 : DHCPNameServer = 192.168.1.7

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll, C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

x64-Run: [DellWPF] C:\Program Files (x86)\Synaptics\SynTP\DellTouchpad.exe /hidegui

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\Windows\System32\Drivers\gfibto.sys [2013-3-24 14456]

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]

R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-3-26 30496]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\Drivers\stdcfltn.sys [2012-10-29 22168]

R1 nvkflt;nvkflt;C:\Windows\System32\Drivers\nvkflt.sys [2013-3-26 284448]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\Drivers\SABI.sys [2012-10-30 13824]

R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-10-30 98208]

R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2012-8-29 208384]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-29 14904]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-30 2445968]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-11-2 193576]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-29 165760]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2012-10-30 201360]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-29 364416]

R3 akw8x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\Drivers\akw8x64.sys [2012-11-8 3203440]

R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]

R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-1-10 169752]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]

R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-11-2 43800]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-3-29 339600]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-30 723088]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-1-10 31032]

R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\Drivers\ST_Accel.sys [2012-10-29 71832]

R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-16 23552]

S2 PRTGProbeService;PRTG Probe Service;"C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe" --> C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [?]

S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;"C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe" --> C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [?]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]

S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-3-19 88728]

S3 BthA2DP;Bluetooth Stereo;C:\Windows\System32\Drivers\BthA2DP.sys [2013-3-13 117632]

S3 BthHFAud;Bluetooth Hands-Free;C:\Windows\System32\Drivers\BthHfAud.sys [2013-3-13 30720]

S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-10-30 29696]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\Drivers\facap.sys [2008-9-24 238848]

S3 GenericMount;Generic Mount Driver;C:\Windows\System32\Drivers\GenericMount.sys [2009-9-21 66608]

S3 iscFlash;iscFlash;C:\Users\Elvis\AppData\Local\Temp\7zS1F6A.tmp\iscflashx64.sys [2013-1-10 58464]

S3 NETwNe64;@oem35.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2012-9-19 203104]

S3 SymSnapService;SymSnapService;"C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" --> C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-7-9 52736]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

S4 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe --> C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [?]

.

=============== Created Last 30 ================

.

2013-04-02 03:09:00 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1477ECF-4C20-4B26-B0E1-36B21020E782}\offreg.dll

2013-04-02 01:22:30 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1477ECF-4C20-4B26-B0E1-36B21020E782}\mpengine.dll

2013-04-01 07:09:29 -------- d-----w- C:\Users\Elvis\AppData\Local\MetaGeek,_LLC

2013-04-01 07:09:29 -------- d-----w- C:\Users\Elvis\AppData\Local\IsolatedStorage

2013-04-01 07:09:23 -------- d-----w- C:\Program Files (x86)\MetaGeek

2013-04-01 05:00:03 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-03-31 02:45:07 -------- d-----w- C:\Windows\LastGood.Tmp

2013-03-31 02:44:23 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-03-31 02:44:23 723088 ----a-w- C:\Windows\System32\drivers\Rt630x64.sys

2013-03-31 02:37:40 -------- d-----w- C:\Program Files\Dell

2013-03-30 01:37:08 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.dll

2013-03-28 11:44:46 187152 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10197.bin

2013-03-26 05:40:30 873448 ----a-w- C:\Program Files\Windows Defender\MpClient.dll

2013-03-25 03:36:21 -------- d-----w- C:\Users\Elvis\AppData\Roaming\Malwarebytes

2013-03-25 03:35:28 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-25 03:35:25 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-25 03:35:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-25 01:07:27 -------- d-----w- C:\Program Files (x86)\MSECache

2013-03-25 00:56:18 -------- d-----w- C:\Users\Elvis\AppData\Roaming\LavasoftStatistics

2013-03-25 00:53:59 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-03-25 00:53:45 -------- d-----w- C:\Program Files (x86)\adawaretb

2013-03-25 00:53:41 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2013-03-25 00:52:13 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-03-22 03:43:44 -------- d-----w- C:\Program Files\iPod

2013-03-22 03:43:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-22 03:43:43 -------- d-----w- C:\Program Files\iTunes

2013-03-22 03:43:43 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-21 18:26:58 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-19 23:32:43 88728 ----a-w- C:\Windows\System32\drivers\btath_flt.sys

2013-03-19 21:38:42 1122664 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll

2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-14 01:31:53 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-03-14 01:31:53 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-14 00:25:29 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-03-14 00:25:29 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-03-14 00:25:29 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-03-14 00:25:29 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-03-13 23:05:12 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll

2013-03-13 23:05:11 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-03-08 01:42:37 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

.

==================== Find3M ====================

.

2013-04-02 01:20:57 17408 ----a-w- C:\Windows\System32\rpcnetp.exe

2013-03-31 16:02:26 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2013-03-31 16:02:21 17408 ------w- C:\Windows\SysWow64\rpcnetp.exe

2013-03-31 16:02:19 29336 ----a-w- C:\Windows\System32\wpbbin.exe

2013-03-31 02:41:40 1536 ----a-w- C:\Windows\SysWow64\RtkMsgs.dll

2013-03-29 20:51:51 69792 ------w- C:\Windows\SysWow64\rpcnet.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 76064 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-15 04:16:10 1016096 ----a-w- C:\Windows\System32\nv3dappshext.dll

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll

2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll

2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll

2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll

2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll

2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll

2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe

2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe

2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll

2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll

2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll

2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll

2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe

2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe

2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll

2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll

2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll

2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll

2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll

2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll

2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll

2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll

2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll

2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll

2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll

2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll

2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll

2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll

2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 07:26:24 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys

2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2013-02-02 07:24:50 117632 ----a-w- C:\Windows\System32\drivers\BthA2DP.sys

2013-02-02 07:24:42 30720 ----a-w- C:\Windows\System32\drivers\BthHfAud.sys

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys

2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys

2013-01-14 15:40:02 112128 ----a-w- C:\Windows\System32\SystemInfo.dll

2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe

.

============= FINISH: 23:41:02.99 ===============

mbam-log-2013-04-01 (22-37-06).txt

Edited by Maurice Naggar

Also note, since then (prior to MBAM/DDS) I used RogueKiller and AdwCleaner. They both found files, temp files, and registry keys. I selected remove/clean/continue and they removed all they had found. Would you like the logs for those two as well?


Please understand that I require that you -not- run tools on your own, while I am helping you & until I give the all clear.

Doing things on your own will over-complicate things.

I need a copy of Attach.txt from the run of DDS. It should be on your desktop.

Also, do not attach logs {unless they are way too huge to fit inside a given reply} but do a copy all of contents and then Paste directly into the main body of reply box.

Yes, I need a copy of the roguekiller log & the AdwCleaner log so I can review.

You may use a separate reply for each individual log.

To show all files:

  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in explorer.exe and press Enter

  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has no checkmark, then Click the box one time so that it is checked.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista, or Windows 7 or 8, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.9.2

Run by Elvis at 23:40:34 on 2013-04-01

Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.2.1033.18.8071.5091 [GMT -4:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\dwm.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\AdminService.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\dashost.exe

C:\Windows\SysWOW64\irstrtsv.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Synaptics\SynTP\DellTouchpad.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Zune\ZuneNss.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\MetaGeek\inSSIDer 3\inSSIDer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\WinStore\WSHost.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ustart.org/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [skyDrive] "C:\Users\Elvis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [Rogers One Number] "C:\Program Files (x86)\Rogers\Rogers One Number\RogersOneNumber.exe" /startup

uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_168_Plugin.exe -update plugin

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [FAStartup] <no file>

StartupFolder: C:\Users\Elvis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab

TCP: NameServer = 192.168.1.7

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A} : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\34963736F61323238373 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\4456E6E69772370275962756C6563737 : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\45865602741627C69636B602B496E676 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\5414 : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}\7594E444D2D4F62696C656D244130353D223242454 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{799B4C83-AB4E-4794-9AD0-5CE7A5164CA2} : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{799B4C83-AB4E-4794-9AD0-5CE7A5164CA2}\5414 : DHCPNameServer = 192.168.1.7

TCP: Interfaces\{799B4C83-AB4E-4794-9AD0-5CE7A5164CA2}\541423 : DHCPNameServer = 192.168.1.7

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll, C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

x64-Run: [DellWPF] C:\Program Files (x86)\Synaptics\SynTP\DellTouchpad.exe /hidegui

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll

.

============= SERVICES / DRIVERS ===============

.

R0 gfibto;gfibto;C:\Windows\System32\Drivers\gfibto.sys [2013-3-24 14456]

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]

R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-3-26 30496]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\Drivers\stdcfltn.sys [2012-10-29 22168]

R1 nvkflt;nvkflt;C:\Windows\System32\Drivers\nvkflt.sys [2013-3-26 284448]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\Drivers\SABI.sys [2012-10-30 13824]

R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-10-30 98208]

R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2012-8-29 208384]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-29 14904]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-30 2445968]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-11-2 193576]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-29 165760]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2012-10-30 201360]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-29 364416]

R3 akw8x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\Drivers\akw8x64.sys [2012-11-8 3203440]

R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]

R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-1-10 169752]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]

R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-11-2 43800]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-3-29 339600]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-30 723088]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-1-10 31032]

R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\Drivers\ST_Accel.sys [2012-10-29 71832]

R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-16 23552]

S2 PRTGProbeService;PRTG Probe Service;"C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe" --> C:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [?]

S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;"C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe" --> C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [?]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]

S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-3-19 88728]

S3 BthA2DP;Bluetooth Stereo;C:\Windows\System32\Drivers\BthA2DP.sys [2013-3-13 117632]

S3 BthHFAud;Bluetooth Hands-Free;C:\Windows\System32\Drivers\BthHfAud.sys [2013-3-13 30720]

S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-10-30 29696]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\Drivers\facap.sys [2008-9-24 238848]

S3 GenericMount;Generic Mount Driver;C:\Windows\System32\Drivers\GenericMount.sys [2009-9-21 66608]

S3 iscFlash;iscFlash;C:\Users\Elvis\AppData\Local\Temp\7zS1F6A.tmp\iscflashx64.sys [2013-1-10 58464]

S3 NETwNe64;@oem35.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2012-9-19 203104]

S3 SymSnapService;SymSnapService;"C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" --> C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-7-9 52736]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

S4 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe --> C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [?]

.

=============== Created Last 30 ================

.

2013-04-02 03:09:00 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1477ECF-4C20-4B26-B0E1-36B21020E782}\offreg.dll

2013-04-02 01:22:30 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E1477ECF-4C20-4B26-B0E1-36B21020E782}\mpengine.dll

2013-04-01 07:09:29 -------- d-----w- C:\Users\Elvis\AppData\Local\MetaGeek,_LLC

2013-04-01 07:09:29 -------- d-----w- C:\Users\Elvis\AppData\Local\IsolatedStorage

2013-04-01 07:09:23 -------- d-----w- C:\Program Files (x86)\MetaGeek

2013-04-01 05:00:03 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-03-31 02:45:07 -------- d-----w- C:\Windows\LastGood.Tmp

2013-03-31 02:44:23 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-03-31 02:44:23 723088 ----a-w- C:\Windows\System32\drivers\Rt630x64.sys

2013-03-31 02:37:40 -------- d-----w- C:\Program Files\Dell

2013-03-30 01:37:08 17408 ----a-w- C:\Windows\SysWow64\rpcnetp.dll

2013-03-28 11:44:46 187152 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10197.bin

2013-03-26 05:40:30 873448 ----a-w- C:\Program Files\Windows Defender\MpClient.dll

2013-03-25 03:36:21 -------- d-----w- C:\Users\Elvis\AppData\Roaming\Malwarebytes

2013-03-25 03:35:28 -------- d-----w- C:\ProgramData\Malwarebytes

2013-03-25 03:35:25 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-25 03:35:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-03-25 01:07:27 -------- d-----w- C:\Program Files (x86)\MSECache

2013-03-25 00:56:18 -------- d-----w- C:\Users\Elvis\AppData\Roaming\LavasoftStatistics

2013-03-25 00:53:59 -------- d-----w- C:\ProgramData\Downloaded Installations

2013-03-25 00:53:45 -------- d-----w- C:\Program Files (x86)\adawaretb

2013-03-25 00:53:41 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner

2013-03-25 00:52:13 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-03-22 03:43:44 -------- d-----w- C:\Program Files\iPod

2013-03-22 03:43:43 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-22 03:43:43 -------- d-----w- C:\Program Files\iTunes

2013-03-22 03:43:43 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-21 18:26:58 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-19 23:32:43 88728 ----a-w- C:\Windows\System32\drivers\btath_flt.sys

2013-03-19 21:38:42 1122664 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll

2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-14 01:31:53 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll

2013-03-14 01:31:53 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll

2013-03-14 00:25:29 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-03-14 00:25:29 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2013-03-14 00:25:29 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2013-03-14 00:25:29 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2013-03-13 23:05:12 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll

2013-03-13 23:05:11 1437184 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-03-08 01:42:37 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

.

==================== Find3M ====================

.

2013-04-02 01:20:57 17408 ----a-w- C:\Windows\System32\rpcnetp.exe

2013-03-31 16:02:26 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2013-03-31 16:02:21 17408 ------w- C:\Windows\SysWow64\rpcnetp.exe

2013-03-31 16:02:19 29336 ----a-w- C:\Windows\System32\wpbbin.exe

2013-03-31 02:41:40 1536 ----a-w- C:\Windows\SysWow64\RtkMsgs.dll

2013-03-29 20:51:51 69792 ------w- C:\Windows\SysWow64\rpcnet.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 76064 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-15 04:16:10 1016096 ----a-w- C:\Windows\System32\nv3dappshext.dll

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-05 23:07:25 78168 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-05 23:07:25 692568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-02-12 00:25:18 4041728 ----a-w- C:\Windows\System32\win32k.sys

2013-02-10 03:25:27 1807136 ----a-w- C:\Windows\System32\nvdispco6420294.dll

2013-02-10 03:25:27 1510176 ----a-w- C:\Windows\System32\nvdispgenco6420162.dll

2013-02-07 04:09:56 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys

2013-02-07 03:34:58 10115072 ----a-w- C:\Windows\System32\twinui.dll

2013-02-07 03:33:47 2302464 ----a-w- C:\Windows\System32\authui.dll

2013-02-07 03:33:42 2146816 ----a-w- C:\Windows\System32\actxprxy.dll

2013-02-07 01:34:00 8856576 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-02-07 01:33:03 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll

2013-02-05 04:58:01 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-05 04:56:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-05 04:56:27 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-02-05 04:56:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-02-05 03:55:27 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-05 01:44:50 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-02-04 22:39:47 2246656 ----a-w- C:\Windows\System32\wininet.dll

2013-02-04 22:39:39 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2013-02-04 22:38:55 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-04 22:38:53 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS

2013-02-02 11:19:41 329960 ----a-w- C:\Windows\System32\drivers\storport.sys

2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys

2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-02-02 10:28:54 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll

2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe

2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe

2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe

2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll

2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll

2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll

2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll

2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll

2013-02-02 08:40:01 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll

2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll

2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll

2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-02-02 08:39:28 5090816 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll

2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll

2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe

2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe

2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll

2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll

2013-02-02 08:23:37 611840 ----a-w- C:\Windows\System32\wpd_ci.dll

2013-02-02 08:23:37 105472 ----a-w- C:\Windows\System32\wpdbusenum.dll

2013-02-02 08:23:30 830464 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll

2013-02-02 08:23:28 543232 ----a-w- C:\Windows\System32\wlroamextension.dll

2013-02-02 08:23:21 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll

2013-02-02 08:23:19 293376 ----a-w- C:\Windows\System32\Windows.Networking.Connectivity.dll

2013-02-02 08:23:18 731648 ----a-w- C:\Windows\System32\win32spl.dll

2013-02-02 08:23:16 87552 ----a-w- C:\Windows\System32\wersvc.dll

2013-02-02 08:22:28 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-02-02 08:22:22 416256 ----a-w- C:\Windows\System32\schannel.dll

2013-02-02 08:21:45 467456 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-02-02 08:21:44 385024 ----a-w- C:\Windows\System32\ncsi.dll

2013-02-02 08:21:38 5977600 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-02 08:21:10 225280 ----a-w- C:\Windows\System32\mbsmsapi.dll

2013-02-02 08:20:47 260096 ----a-w- C:\Windows\System32\hotspotauth.dll

2013-02-02 08:20:31 729600 ----a-w- C:\Windows\System32\duser.dll

2013-02-02 07:30:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 07:26:24 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys

2013-02-02 07:25:52 297984 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-02-02 07:25:26 82944 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-02-02 07:25:23 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2013-02-02 07:24:50 117632 ----a-w- C:\Windows\System32\drivers\BthA2DP.sys

2013-02-02 07:24:42 30720 ----a-w- C:\Windows\System32\drivers\BthHfAud.sys

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-29 01:57:05 35232 ----a-w- C:\Windows\System32\drivers\WdBoot.sys

2013-01-28 23:08:22 230904 ----a-w- C:\Windows\System32\drivers\WdFilter.sys

2013-01-14 15:40:02 112128 ----a-w- C:\Windows\System32\SystemInfo.dll

2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe

.

============= FINISH: 23:41:02.99 ===============


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Elvis [Admin rights]

Mode : Scan -- Date : 03/30/2013 03:20:17

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Adobe CSx Manager (C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad\abcebcaafdacdaad.exe) [x] -> FOUND

[RUN][SUSP PATH] HKCU\[...]\Run : Pumeqiweut (C:\Users\Elvis\AppData\Roaming\Edul\iqewi.exe) [x] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2445134525-547576882-1556999920-1001[...]\Run : Adobe CSx Manager (C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad\abcebcaafdacdaad.exe) [x] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2445134525-547576882-1556999920-1001[...]\Run : Pumeqiweut (C:\Users\Elvis\AppData\Roaming\Edul\iqewi.exe) [x] -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++

--- User ---

[MBR] d72ac6358a83a1809d69b0a85a10d888

[BSP] 825a45dab5bae1a50a8b1133826f576e : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: SAMSUNG SSD PM8 +++++

--- User ---

[MBR] f8658f2cec2f8e0c87b6121d33d5036b

[BSP] a332f4f151a5ad199d78973f4faf8e72 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 206848 | Size: 8192 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_03302013_02d0320.txt >>

RKreport[1]_S_03302013_02d0320.txt


OTL logfile created on: 2013-04-03 1:38:02 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elvis\Downloads

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16519)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.88 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 79.29% Memory free

9.07 Gb Paging File | 7.23 Gb Available in Paging File | 79.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698.12 Gb Total Space | 366.19 Gb Free Space | 52.45% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 68.09 Mb Free Space | 68.09% Space Free | Partition Type: NTFS

Computer Name: ETERNITY | User Name: Elvis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-04-03 01:36:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elvis\Downloads\OTL.exe

PRC - [2013-03-29 16:51:51 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe

PRC - [2013-03-15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2013-03-14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012-12-17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2012-09-01 21:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2012-09-01 21:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012-07-28 22:22:32 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe

PRC - [2012-07-28 22:22:30 | 000,708,648 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe

PRC - [2012-07-20 00:34:50 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012-07-20 00:34:48 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012-07-20 00:34:24 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

PRC - [2011-09-05 22:02:20 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

PRC - [2011-05-10 14:37:32 | 000,010,920 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

PRC - [2011-05-10 14:37:30 | 000,085,672 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe

PRC - [2010-10-12 10:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

========== Modules (No Company Name) ==========

MOD - [2013-02-21 17:13:03 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\1a2488b08400b3527fc0153fecbacf49\IAStorUtil.ni.dll

MOD - [2013-02-21 17:11:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9c568999a0acf1b64d580553fe3b11f3\System.Web.Services.ni.dll

MOD - [2013-02-21 01:43:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll

MOD - [2013-02-21 01:43:43 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll

MOD - [2013-02-01 16:11:08 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\500a5dd33bb40326f8ca43e385513ec2\System.IdentityModel.ni.dll

MOD - [2013-02-01 16:11:06 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\1d3541ab8cf202fb41bc2096ae745aa3\IAStorDataMgrSvcInterfaces.ni.dll

MOD - [2013-02-01 16:11:05 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\70055c8d4365c5b72194e19d03d3bec9\IAStorCommon.ni.dll

MOD - [2013-02-01 16:10:49 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll

MOD - [2013-02-01 16:10:48 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll

MOD - [2013-02-01 16:10:20 | 001,075,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\07e482b2b9035605233f2cb72408d6b1\System.ServiceModel.Web.ni.dll

MOD - [2013-02-01 16:07:34 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll

MOD - [2013-02-01 16:07:22 | 019,536,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\115fb9d1fa2cbda89742b1c2a0631396\System.ServiceModel.ni.dll

MOD - [2013-02-01 16:07:12 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll

MOD - [2013-02-01 16:07:09 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll

MOD - [2013-02-01 16:07:04 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll

MOD - [2013-02-01 16:06:47 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll

MOD - [2013-02-01 16:06:43 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll

MOD - [2013-02-01 16:06:38 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll

MOD - [2013-01-10 04:52:01 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll

MOD - [2013-01-10 04:51:56 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll

MOD - [2013-01-10 04:51:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e2f7dbe3bf08df200a4cdcf2e0eb82fa\System.Runtime.Remoting.ni.dll

MOD - [2013-01-10 04:51:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll

MOD - [2013-01-10 04:46:16 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll

MOD - [2013-01-10 04:46:07 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll

MOD - [2013-01-10 04:45:35 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll

MOD - [2013-01-10 04:45:31 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll

MOD - [2012-11-01 14:31:26 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\CrashRpt.dll

MOD - [2012-10-08 14:42:56 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll

MOD - [2012-08-27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012-08-27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012-07-05 22:01:07 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MOD - [2010-09-30 21:50:23 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\DockShellHook.dll

MOD - [2010-03-09 17:58:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockPlus2\zlib.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013-02-02 04:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013-01-28 21:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013-01-09 19:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013-01-09 19:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012-12-06 00:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2012-12-06 00:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2012-11-06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012-11-06 00:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2012-10-08 10:29:14 | 000,201,360 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)

SRV:64bit: - [2012-10-08 10:29:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2012-09-24 23:08:16 | 000,490,496 | ---- | M] () [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)

SRV:64bit: - [2012-09-20 05:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2012-09-20 02:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012-09-20 02:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2012-07-25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012-07-25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012-07-25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012-07-25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012-07-25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012-07-25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012-07-25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012-07-25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012-07-25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012-07-25 23:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2012-07-25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012-07-25 23:05:12 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)

SRV:64bit: - [2012-07-25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012-07-25 23:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012-04-20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2011-08-05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2011-08-05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV:64bit: - [2011-08-05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2013-03-29 16:51:51 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)

SRV - [2013-03-15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013-03-14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012-12-28 14:14:40 | 000,277,640 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012-11-06 00:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012-09-23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012-09-01 21:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2012-08-10 18:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2012-07-28 22:22:32 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)

SRV - [2012-07-25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012-07-20 00:34:50 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012-07-20 00:34:48 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012-07-20 00:34:24 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012-07-13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2012-05-29 18:09:22 | 002,445,968 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2012-04-24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2011-09-05 22:02:20 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2011-05-10 14:37:32 | 000,010,920 | ---- | M] (Absolute Software) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-03-24 20:52:12 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)

DRV:64bit: - [2013-03-15 01:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\nvkflt.sys -- (nvkflt)

DRV:64bit: - [2013-03-15 01:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2013-02-07 00:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013-02-02 07:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013-02-02 03:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013-02-02 03:24:50 | 000,117,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)

DRV:64bit: - [2013-02-02 03:24:42 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthHfAud.sys -- (BthHFAud)

DRV:64bit: - [2013-01-28 21:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013-01-28 19:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013-01-28 13:03:04 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)

DRV:64bit: - [2013-01-09 21:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2013-01-09 21:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2012-12-12 17:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012-11-26 23:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012-11-20 00:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012-11-09 21:47:36 | 000,462,136 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012-11-09 21:47:36 | 000,031,032 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)

DRV:64bit: - [2012-11-08 16:01:18 | 003,203,440 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\akw8x64.sys -- (akw8x64)

DRV:64bit: - [2012-11-05 23:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012-10-27 00:12:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2012-10-24 16:48:32 | 000,723,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012-10-12 04:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012-10-11 03:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012-10-11 03:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2012-10-11 01:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2012-10-10 11:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)

DRV:64bit: - [2012-09-24 23:09:26 | 000,074,096 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\bwcW8x64.sys -- (BfLwf)

DRV:64bit: - [2012-09-20 03:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2012-09-20 03:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2012-09-20 03:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012-09-20 03:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012-09-20 03:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012-09-20 03:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2012-09-19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012-09-19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2012-09-13 04:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2012-08-10 18:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2012-08-10 18:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2012-08-10 18:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2012-08-10 18:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2012-08-10 18:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2012-08-10 18:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)

DRV:64bit: - [2012-08-10 18:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2012-08-10 08:39:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2012-07-28 22:22:28 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)

DRV:64bit: - [2012-07-26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012-07-26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012-07-26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012-07-26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012-07-26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012-07-26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012-07-26 01:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2012-07-26 01:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2012-07-26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012-07-26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012-07-26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012-07-26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012-07-26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012-07-26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012-07-26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012-07-26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012-07-26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012-07-26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012-07-26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012-07-26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012-07-26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012-07-26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012-07-25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012-07-25 22:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2012-07-25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012-07-25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012-07-25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012-07-25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012-07-25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012-07-25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012-07-25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012-07-25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012-07-25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012-07-25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012-07-25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012-07-25 22:26:57 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xusb22.sys -- (xusb22)

DRV:64bit: - [2012-07-25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012-07-25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012-07-25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012-07-25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012-07-25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012-07-25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012-07-25 22:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)

DRV:64bit: - [2012-07-25 22:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)

DRV:64bit: - [2012-07-25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012-07-25 22:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)

DRV:64bit: - [2012-07-25 22:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)

DRV:64bit: - [2012-07-25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)

DRV:64bit: - [2012-07-25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012-07-25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012-07-25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012-07-20 13:04:30 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012-07-13 19:31:18 | 000,022,168 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2012-07-13 19:31:00 | 000,071,832 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ST_Accel.sys -- (ST_ACCEL)

DRV:64bit: - [2012-07-09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012-07-03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012-06-19 08:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2012-06-13 21:23:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2012-03-12 14:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Netwsw00.sys -- (NETwNs64)

DRV:64bit: - [2011-09-22 17:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SABI.sys -- (SABI)

DRV:64bit: - [2010-02-12 08:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GenericMount.sys -- (GenericMount)

DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008-09-24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\facap.sys -- (FACAP)

DRV:64bit: - [2008-05-06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2012-07-12 08:27:50 | 000,058,464 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\Users\Elvis\AppData\Local\Temp\7zS1F6A.tmp\iscflashx64.sys -- (iscFlash)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA,en;q=0.5

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 77 FC 48 90 2E CE 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {418A4C5E-1277-4285-BC36-FEDA34FBDBE0}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{418A4C5E-1277-4285-BC36-FEDA34FBDBE0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\rogers.com/firehorn: C:\Program Files (x86)\Rogers\Rogers One Number\npRogersOneNumber.dll (Rogers)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 16.0.1\extensions\\Components: C:\Program Files (x86)\Waterfox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Waterfox\plugins

[2012-11-01 10:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elvis\AppData\Roaming\mozilla\Extensions

[2013-03-30 14:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elvis\AppData\Roaming\mozilla\Firefox\Profiles\tc84pkw5.default\extensions

[2012-12-04 19:37:07 | 000,001,879 | ---- | M] () (No name found) -- C:\Users\Elvis\AppData\Roaming\mozilla\firefox\profiles\tc84pkw5.default\extensions\iseekdeal@iseekdeal.com.xpi

O1 HOSTS File: ([2012-07-26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [btTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)

O4:64bit: - HKLM..\Run: [btvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)

O4:64bit: - HKLM..\Run: [DellWPF] C:\Program Files\Synaptics\SynTP\DellTouchpad.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [FAStartup] File not found

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKCU..\Run: [Rogers One Number] C:\Program Files (x86)\Rogers\Rogers One Number\RogersOneNumber.exe (Rogers)

O4 - HKCU..\Run: [skyDrive] C:\Users\Elvis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Elvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.7

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{138FBE68-E408-4D0A-912C-AAF02AFA367A}: DhcpNameServer = 192.168.1.7

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799B4C83-AB4E-4794-9AD0-5CE7A5164CA2}: DhcpNameServer = 192.168.1.7

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - File not found

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - File not found

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll (Stardock)

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{a762a8de-225e-11e2-be70-c4850896303d}\Shell - "" = AutoRun

O33 - MountPoints2\{a762a8de-225e-11e2-be70-c4850896303d}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{d712df9c-6da2-11e2-bebb-d4bed96d3d91}\Shell - "" = AutoRun

O33 - MountPoints2\{d712df9c-6da2-11e2-bebb-d4bed96d3d91}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-04-02 16:32:07 | 000,000,000 | R--D | C] -- C:\Users\Elvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2013-04-02 16:30:53 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad

[2013-04-02 01:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros

[2013-04-02 01:27:47 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Roaming\Atheros

[2013-04-02 01:24:35 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2013-04-02 01:24:31 | 000,135,832 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_rcp.sys

[2013-04-02 01:24:31 | 000,076,952 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_lwflt.sys

[2013-04-02 01:24:30 | 000,178,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_hcrp.sys

[2013-04-02 01:24:29 | 000,567,808 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btfilter.sys

[2013-04-02 01:24:29 | 000,344,216 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_a2dp.sys

[2013-04-02 01:24:29 | 000,114,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_avdt.sys

[2013-04-02 01:24:28 | 000,033,944 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_bus.sys

[2013-04-02 01:23:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program

[2013-04-02 01:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\QCA_Bluetooth

[2013-04-02 01:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite

[2013-04-02 01:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros

[2013-04-02 01:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bigfoot Networks

[2013-04-02 01:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm Atheros

[2013-04-02 00:58:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2013-04-02 00:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr

[2013-04-02 00:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows

[2013-04-02 00:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center

[2013-04-02 00:54:49 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Roaming\PCDr

[2013-04-02 00:43:29 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

[2013-04-02 00:43:23 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Local\Deployment

[2013-04-02 00:43:23 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Local\Apps

[2013-04-01 03:09:29 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Local\MetaGeek,_LLC

[2013-04-01 03:09:29 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Local\IsolatedStorage

[2013-04-01 03:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek

[2013-04-01 03:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek

[2013-03-30 22:44:23 | 000,723,088 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys

[2013-03-30 22:44:23 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll

[2013-03-30 22:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dell

[2013-03-30 03:22:30 | 000,000,000 | ---D | C] -- C:\Users\Elvis\Desktop\unknown virus

[2013-03-30 03:16:44 | 000,000,000 | ---D | C] -- C:\Users\Elvis\Desktop\RK_Quarantine

[2013-03-26 14:20:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2013-03-26 14:20:10 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2013-03-26 14:20:10 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2013-03-26 14:20:10 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2013-03-26 14:20:10 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2013-03-26 14:20:10 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2013-03-26 14:20:10 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2013-03-26 14:20:10 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2013-03-26 14:20:10 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2013-03-26 14:20:10 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2013-03-26 14:20:10 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2013-03-26 14:20:10 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2013-03-26 14:20:10 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2013-03-26 14:20:10 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2013-03-26 14:20:10 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2013-03-26 14:20:10 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2013-03-26 14:20:10 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll

[2013-03-26 14:20:10 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll

[2013-03-26 14:20:10 | 000,420,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll

[2013-03-26 14:20:10 | 000,364,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll

[2013-03-26 14:20:10 | 000,284,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvkflt.sys

[2013-03-26 14:20:10 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys

[2013-03-26 01:40:29 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys

[2013-03-26 01:40:28 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys

[2013-03-24 23:36:21 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Roaming\Malwarebytes

[2013-03-24 23:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013-03-24 23:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013-03-24 23:35:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013-03-24 23:35:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013-03-24 21:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache

[2013-03-24 21:07:14 | 069,796,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2013-03-24 20:56:18 | 000,000,000 | ---D | C] -- C:\Users\Elvis\AppData\Roaming\LavasoftStatistics

[2013-03-24 20:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations

[2013-03-24 20:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb

[2013-03-24 20:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner

[2013-03-24 20:52:13 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys

[2013-03-21 23:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013-03-21 23:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013-03-21 23:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013-03-21 23:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013-03-21 23:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013-03-21 23:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2013-03-21 14:26:58 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys

[2013-03-20 21:34:40 | 000,000,000 | ---D | C] -- C:\Users\Elvis\Desktop\Elvis files from time

[2013-03-19 19:32:43 | 000,088,728 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_flt.sys

[2013-03-19 17:38:42 | 001,122,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01009.dll

[2013-03-14 22:07:52 | 000,559,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe

[2013-03-13 21:33:41 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll

[2013-03-13 21:33:39 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll

[2013-03-13 21:33:32 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013-03-13 21:33:32 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013-03-13 21:33:31 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys

[2013-03-13 21:33:30 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll

[2013-03-13 21:33:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013-03-13 21:33:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013-03-13 21:33:01 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013-03-13 21:33:01 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2013-03-13 21:33:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013-03-13 21:33:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013-03-13 21:32:59 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013-03-13 21:32:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013-03-13 21:32:59 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll

[2013-03-13 21:32:59 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013-03-13 21:32:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll

[2013-03-13 21:32:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013-03-13 21:32:36 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll

[2013-03-13 21:32:35 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll

[2013-03-13 21:32:34 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013-03-13 21:32:33 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013-03-13 21:32:32 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll

[2013-03-13 21:32:32 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll

[2013-03-13 21:32:32 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll

[2013-03-13 21:32:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2013-03-13 21:32:31 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll

[2013-03-13 21:32:31 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll

[2013-03-13 21:32:31 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll

[2013-03-13 21:32:31 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll

[2013-03-13 21:32:31 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll

[2013-03-13 21:32:31 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys

[2013-03-13 21:32:26 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS

[2013-03-13 21:32:20 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

[2013-03-13 21:32:19 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013-03-13 21:32:19 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll

[2013-03-13 21:32:19 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll

[2013-03-13 21:32:19 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll

[2013-03-13 21:32:19 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll

[2013-03-13 21:32:19 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll

[2013-03-13 21:32:19 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe

[2013-03-13 21:32:19 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe

[2013-03-13 21:32:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll

[2013-03-13 21:32:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll

[2013-03-13 21:32:18 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2013-03-13 21:32:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013-03-13 21:32:18 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe

[2013-03-13 21:32:18 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys

[2013-03-13 21:32:17 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe

[2013-03-13 21:32:16 | 000,117,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthA2DP.sys

[2013-03-13 21:32:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthHfAud.sys

[2013-03-13 21:32:16 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys

[2013-03-13 21:32:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll

[2013-03-13 21:32:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll

[2013-03-13 21:31:53 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll

[2013-03-13 21:31:53 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll

[2013-03-13 19:05:12 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll

[2013-03-13 19:05:11 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-04-03 01:17:50 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe

[2013-04-02 16:36:58 | 000,850,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013-04-02 16:36:58 | 000,724,738 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013-04-02 16:36:58 | 000,137,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013-04-02 16:31:38 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll

[2013-04-02 16:31:38 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll

[2013-04-02 16:31:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013-04-02 16:31:34 | 2475,704,319 | -HS- | M] () -- C:\hiberfil.sys

[2013-04-02 16:31:34 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe

[2013-04-02 16:31:32 | 000,029,336 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe

[2013-04-02 01:22:38 | 000,002,268 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk

[2013-04-02 01:22:38 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk

[2013-04-01 03:09:24 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\inSSIDer 3.lnk

[2013-03-30 22:41:40 | 000,001,536 | ---- | M] () -- C:\Windows\SysWow64\RtkMsgs.dll

[2013-03-29 16:51:51 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe

[2013-03-26 14:24:09 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk

[2013-03-24 23:35:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013-03-24 22:31:43 | 000,035,709 | ---- | M] () -- C:\Users\Elvis\Desktop\KEYGEN.EXE

[2013-03-24 22:31:43 | 000,035,709 | ---- | M] () -- C:\Users\Elvis\Desktop\KEYGEN - Copy.EXE

[2013-03-24 20:52:12 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys

[2013-03-20 22:15:11 | 000,001,671 | ---- | M] () -- C:\Users\Elvis\AppData\Local\rogerscookie

[2013-03-19 17:32:20 | 000,320,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013-03-15 01:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2013-03-15 01:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2013-03-15 01:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2013-03-15 01:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2013-03-15 01:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2013-03-15 01:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2013-03-15 01:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2013-03-15 01:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2013-03-15 01:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2013-03-15 01:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2013-03-15 01:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2013-03-15 01:53:06 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2013-03-15 01:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2013-03-15 01:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2013-03-15 01:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2013-03-15 01:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2013-03-15 01:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2013-03-15 01:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2013-03-15 01:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll

[2013-03-15 01:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll

[2013-03-15 01:53:06 | 001,118,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll

[2013-03-15 01:53:06 | 000,968,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll

[2013-03-15 01:53:06 | 000,420,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll

[2013-03-15 01:53:06 | 000,364,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll

[2013-03-15 01:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvkflt.sys

[2013-03-15 01:53:06 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll

[2013-03-15 01:53:06 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll

[2013-03-15 01:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys

[2013-03-15 01:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2013-03-15 00:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2013-03-15 00:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2013-03-15 00:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2013-03-15 00:16:10 | 001,016,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll

[2013-03-15 00:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2013-03-15 00:16:10 | 000,076,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll

[2013-03-15 00:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

[2013-03-14 22:07:52 | 000,559,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe

[2013-03-13 12:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

[2013-03-12 22:46:04 | 000,042,487 | ---- | M] () -- C:\Users\Elvis\Desktop\F.pdf

[2013-03-05 19:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013-03-05 19:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013-03-04 14:15:42 | 069,796,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-04-02 01:22:38 | 000,002,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk

[2013-04-02 01:22:38 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk

[2013-04-01 03:09:24 | 000,002,483 | ---- | C] () -- C:\Users\Public\Desktop\inSSIDer 3.lnk

[2013-03-29 21:37:08 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll

[2013-03-26 14:24:09 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk

[2013-03-24 23:35:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013-03-24 22:31:43 | 000,035,709 | ---- | C] () -- C:\Users\Elvis\Desktop\KEYGEN.EXE

[2013-03-24 22:31:43 | 000,035,709 | ---- | C] () -- C:\Users\Elvis\Desktop\KEYGEN - Copy.EXE

[2013-03-19 17:32:18 | 000,320,512 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013-03-12 22:46:04 | 000,042,487 | ---- | C] () -- C:\Users\Elvis\Desktop\F.pdf

[2013-01-18 19:49:35 | 001,603,530 | ---- | C] () -- C:\Users\Elvis\chap.jpeg

[2012-12-12 17:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012-12-12 17:38:16 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin

[2012-12-12 17:38:16 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

[2012-11-22 00:32:32 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll

[2012-11-22 00:31:31 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll

[2012-11-19 19:34:58 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat

[2012-11-19 19:34:47 | 000,002,655 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Midi Decoder.dat

[2012-11-19 19:34:11 | 000,003,473 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp OptimFROG Codec.dat

[2012-11-19 19:34:10 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

[2012-11-19 19:33:49 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat

[2012-11-19 19:32:30 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat

[2012-11-19 19:32:28 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat

[2012-11-19 19:32:27 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat

[2012-11-19 19:32:26 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat

[2012-11-19 19:32:16 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat

[2012-11-19 19:32:15 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat

[2012-11-19 19:32:08 | 000,003,067 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat

[2012-11-19 19:32:01 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat

[2012-11-19 19:31:55 | 000,003,152 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat

[2012-11-19 19:31:48 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat

[2012-11-19 19:31:26 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat

[2012-11-19 19:31:21 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat

[2012-11-19 19:31:16 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat

[2012-11-19 19:31:11 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat

[2012-11-19 19:31:06 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat

[2012-11-19 19:30:58 | 000,002,901 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [iD Tag Update] Codec.dat

[2012-11-19 19:30:35 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat

[2012-11-19 19:30:27 | 000,003,117 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat

[2012-11-19 19:21:28 | 000,008,581 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat

[2012-11-19 19:21:22 | 000,506,744 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2012-11-19 19:21:22 | 000,013,166 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

[2012-10-31 21:24:17 | 000,007,604 | ---- | C] () -- C:\Users\Elvis\AppData\Local\Resmon.ResmonCfg

[2012-10-30 21:19:10 | 000,001,671 | ---- | C] () -- C:\Users\Elvis\AppData\Local\rogerscookie

[2012-10-30 20:48:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2012-10-30 02:28:36 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\RtkMsgs.dll

[2012-10-29 20:56:31 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

[2012-10-29 18:45:32 | 000,812,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012-07-26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012-07-26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012-07-25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012-07-25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012-07-25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012-06-02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012-04-20 16:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[2012-03-30 23:48:22 | 000,009,851 | ---- | C] () -- C:\Windows\SysWow64\mswrnioye.dll

[2012-01-04 15:24:51 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\msercioyd.dll

========== ZeroAccess Check ==========

[2012-11-01 14:29:57 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013-01-09 19:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013-01-09 19:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-04-02 16:30:53 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad

[2012-11-06 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\Absolute Software

[2013-01-18 19:27:25 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\Canon

[2012-11-18 01:41:43 | 000,000,000 | -HSD | M] -- C:\Users\Elvis\AppData\Roaming\Common

[2013-01-19 18:38:26 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\Hobbyist Software

[2013-04-02 00:54:50 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\PCDr

[2012-10-30 21:19:10 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\Rogers

[2012-11-01 14:30:15 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\Stardock

[2012-10-30 22:07:48 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\Waterfox Limited

[2012-11-01 15:54:02 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\WinAVI

[2012-10-30 23:15:39 | 000,000,000 | ---D | M] -- C:\Users\Elvis\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 503 bytes -> C:\ProgramData\TEMP:9A870F8B

@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:8927A071

@Alternate Data Stream - 192 bytes -> C:\Users\Elvis\chap.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >


OTL Extras logfile created on: 2013-04-03 1:38:02 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elvis\Downloads

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16519)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.88 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 79.29% Memory free

9.07 Gb Paging File | 7.23 Gb Available in Paging File | 79.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698.12 Gb Total Space | 366.19 Gb Free Space | 52.45% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 68.09 Mb Free Space | 68.09% Space Free | Partition Type: NTFS

Computer Name: ETERNITY | User Name: Elvis | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05600A3C-6853-4D63-8692-A75EF9FB6E65}" = rport=10243 | protocol=6 | dir=out | app=system |

"{0A450FF7-37C9-4938-A8F5-608ACEDBFC46}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{0FBCE4E9-DE26-482C-B540-5049E254FEBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{107BA871-7BC6-44EB-A327-DEAC134A79F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{186F97CE-A2F7-4F93-A6F1-1E295BEA7D57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{19B9B5F6-3407-4BD0-8651-11BBAD407A1F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1FC37297-EFB6-4E35-AD98-2A08B0BBD4A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{25E019AB-1787-4B6A-89DC-07B57F8DCF61}" = lport=10243 | protocol=6 | dir=in | app=system |

"{26FB9D29-BD4D-4CE2-B6AA-4DAF08240A89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2A25F659-104C-4050-AEB7-0371AED17B6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2B75EC91-7C10-41A3-AFC8-5F99F38FAEEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2FB049AB-17B7-44C6-A270-6D4692284522}" = lport=445 | protocol=6 | dir=in | app=system |

"{346A5510-0809-485F-8696-B89A1EEF3297}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3BEBC20E-A5D2-480B-B2A5-03306A81FE59}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{42229C7F-B482-4067-BCB5-6731724627BB}" = rport=10243 | protocol=6 | dir=out | app=system |

"{4912FF64-281E-4014-A116-9119D64DD84F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |

"{4C55BC6F-0CE7-4528-835E-37E72D76294B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4F10CB6E-0EE8-4A40-AB74-7A48BC54B961}" = lport=2869 | protocol=6 | dir=in | app=system |

"{52BC7B66-5743-47E6-9C1E-1A030C7722FD}" = lport=138 | protocol=17 | dir=in | app=system |

"{5E128B6E-03B2-4DA5-853B-259DD1C3B3D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{61B9821A-51E5-49A3-AA92-583544DBD6B4}" = rport=137 | protocol=17 | dir=out | app=system |

"{63C4FD5E-4500-4B97-BC95-721C5BB17BE8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{69A7FDC6-0E7D-4AC8-8F62-11CC77768E15}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6E24F08E-7065-406D-8B69-9D5657F014A8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{74EA001F-8C37-4222-B929-DD10320AAFAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{79BFBD93-F134-4D08-A5F8-AFF03D2EEAFA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7BEB8169-BFB3-416D-8FCD-D502CC5390C6}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |

"{7DB38E32-CD53-4ED8-BC03-D0D86E006A75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7E24A6F5-6CE9-4350-96CC-73F71DD9E0B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{81269C5F-CECF-44F4-96CE-B638A2DA4706}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8836F416-985A-47D7-8E03-ACAACE95545C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8C6C87EB-6966-4EB8-8476-C6B5269AFD32}" = lport=139 | protocol=6 | dir=in | app=system |

"{8EA17EA4-4CCE-4BF7-B06F-18514F996DD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{921478DF-030B-4C2B-8B4F-782908C12BD4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{93B25A00-02CD-4C7E-A825-954029A46550}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{9A26D59C-DB70-4DDB-B82E-B21E056E4DB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{9F25D1D9-8B87-4282-BB27-ACFA9FA4F26A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A12985FB-6885-4CE5-A907-CE532EB96216}" = lport=137 | protocol=17 | dir=in | app=system |

"{A1D31875-7DB5-48B9-9BB1-119591129179}" = rport=445 | protocol=6 | dir=out | app=system |

"{A9DF61D6-DCD7-471C-B867-BA775BE3C444}" = rport=138 | protocol=17 | dir=out | app=system |

"{AA50D54F-4181-45D5-8234-EF655A5B924A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AD953971-924E-4824-A892-5668025ADC51}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{AE1E54FB-428F-40B6-8DF4-2446DCD421A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B1627822-C3F0-4DA3-974E-706A9D0366B7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{B2074597-B33F-49DB-9C50-2B0902D81B35}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B3420318-02A0-46AC-86B8-872315119EB6}" = lport=10243 | protocol=6 | dir=in | app=system |

"{BBE1F0B0-30D0-4D26-A046-89FE531F2782}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C55A41ED-2AF9-4198-BB99-2481BB7FCE23}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{C690063D-A6BE-4544-A720-29097DA4707B}" = rport=139 | protocol=6 | dir=out | app=system |

"{D1AAB1FA-BCAA-4D64-8F3E-70E8B8D399AB}" = lport=10243 | protocol=6 | dir=in | app=system |

"{D7A1824B-2EE9-4E63-8F1B-75A6596B2E28}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DE5D2AF9-9C37-4840-A933-F9F28F52B9B4}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{E5047187-6A11-4795-8AEE-F0F4FB555C98}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F9B5E98C-E400-4C22-B0A2-303BFAEDBF41}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00080B49-C0B4-4DF0-80D1-C409417896EE}" = dir=out | name=windows phone |

"{0589015D-E697-4161-A692-6BA80EFA4061}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{063C76FC-2681-4C01-AC95-66C766CE759D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{086EA4E3-CED8-49D1-B745-73022944311C}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{0B59A735-11BB-483C-8744-6A3D4C3A4C1A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0F41EA50-C6A4-4F0C-8678-089EB897B289}" = protocol=6 | dir=out | app=system |

"{1EAAF896-4338-43C4-B631-1E3FA423E376}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{2004CA79-D596-4137-9CE6-92A761B224EA}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{22F02F31-F793-40E6-9145-91B06A877200}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{235598B1-28F9-4852-AFB1-B7B9438AFCE6}" = dir=out | name=wd |

"{2370A3C1-8599-400B-B041-836B820C4FCD}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe |

"{2681943B-A908-45E9-8F29-1B58695D499B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2A1C1BE2-FA06-49AA-BDF3-7B6ACF52F544}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{324EB093-09CA-46A9-8445-C11ADB675896}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{37345D9B-B34D-40FC-B49C-0CE34BAFFDEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{375D7CD6-297A-42C5-8082-6B4C145051DE}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{3ECCF758-EB43-44CA-9976-698C6D79DB9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3FCFB1D5-DF6B-4CEB-825D-5AEF9D82A1C7}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{45F6F872-7FCA-4B98-A871-972D554AD299}" = dir=out | name=@{44352gadgetwe.unitconversion_1.0.1.4_neutral__wrnqd43hr7tc6?ms-resource://44352gadgetwe.unitconversion/resources/appstorename} |

"{47558F2B-EBFE-4CE7-8A60-50B324DC58AD}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{4937B1D3-6E68-4A2B-BB54-ED82BF9F6E8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4A9DDCA0-D9D8-484C-A292-6CE684C6F3FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{4C19D75C-37FC-461E-8EFA-47B298C5E9CC}" = dir=out | name=canon inkjet print utility |

"{4F381DBD-498D-4B23-867A-28CF5A746E8C}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe |

"{500C55EB-B43B-4639-8365-4910ADFE81E3}" = dir=out | name=onenote |

"{52A44C99-D851-4BAF-9875-FFFC8CBD2FBA}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |

"{54813031-FC19-4C7F-8AC7-0B9A97ADC86F}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{5AF86FA7-04D5-42FC-9B03-A086EB174978}" = protocol=6 | dir=out | app=system |

"{6087BD6F-42FB-4B26-9917-BE472844CD8E}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |

"{60971958-298E-46DD-AE4E-CF8B1036D118}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |

"{613407F4-5452-413E-9934-B29E24413F03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6333C0B2-DF89-4E3F-8A05-E32F811D9220}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{694C1BC9-75D7-4819-BCE2-B298F8593795}" = protocol=6 | dir=out | app=system |

"{69A64278-1280-4A71-ACD5-6F03A94BD67B}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |

"{6C02AF2A-1274-4D64-87EE-0F1B104C0024}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{6F6FE97A-9C13-4E6B-964B-0492C8E8F96B}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{728A821D-3235-4249-83B4-F5CDAA16ACAC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{740FA365-A4C0-4395-B3F6-478DE72F6E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |

"{762AE540-8AB9-45C1-9C52-1310127911EE}" = dir=out | name=ctv news |

"{7834CE65-605B-4EE6-90E5-6E615194E779}" = dir=out | name=netflix |

"{79AC6023-B919-4F42-874A-FD50B35F8B8E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{7B780BCF-554D-4E86-B753-BC3E32AA8579}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{804600C5-4288-4D31-A3B5-563E74215883}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{88B57AD1-8B1C-403E-8A92-6326DB4DFD63}" = dir=in | name=wd |

"{8B3A93B3-F99B-46DE-950B-817CA38EE91C}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |

"{8BBCCD49-73F1-4122-8B27-648EB83E2E4E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{8EB56793-4915-443F-B984-6D7493AAF021}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8FF1C23B-450F-4DBF-8D5F-7BF2AE34A919}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{901FF22B-0749-4BC6-83AC-651B0C4F497D}" = dir=in | name=windows phone |

"{960468FB-DA10-49F7-B2B3-18F629BACF1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{9B8745C3-1BD8-4A49-8A4D-EA7D284501C8}" = protocol=6 | dir=out | app=system |

"{9BE340EF-49ED-421A-9A1D-4841115E3996}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{9D48C10B-F1C7-48FE-82B2-B0D13ECE9203}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A2811657-518E-4622-B3EE-DAA1E970DFDA}" = dir=in | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |

"{A70CEE57-7438-479C-97F4-C1AD2FF3ABE0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B157C00C-013A-4492-A168-5778795EBF62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B179C253-4DA4-4A6A-B964-5CFC270EC86A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{B19125CB-71F4-44F6-A519-50A7964EAD05}" = dir=in | name=onenote |

"{B236265D-0479-4422-B16D-4A3DC4ED6B9D}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{BB82DC9E-D7DE-4C77-B8DE-3D85E6C82565}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BF18CEC9-CE21-4F53-9774-3D6F15FE44B0}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{C0D95770-59CE-46F7-B776-1976FD13086E}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{C39BCB70-82BE-4900-B8D9-3326A8C936DB}" = dir=in | app=c:\users\elvis\appdata\local\microsoft\skydrive\skydrive.exe |

"{C6DF5BE0-1870-4510-9273-CF5CBD97343D}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{C96929DB-724E-46B9-A2C2-9A9C63AA0B41}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{CE8D85B9-89A5-4BEE-AA1E-F1D06C097B0A}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{D14720B0-FA2D-4096-8087-43403B0B9EA2}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{D15B3735-6341-4A4E-89B0-002C873524EE}" = dir=out | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |

"{D5AACD2D-1CA5-4F02-A734-B7710A261A7D}" = dir=out | name=rogers anyplace tv |

"{D68D9605-0F98-4E59-9245-F4BCC996C7F0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{D7EE4F8A-316F-4500-AF54-85AE2395FC0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D8A98869-3508-4F37-8722-6200E81689ED}" = protocol=6 | dir=out | app=system |

"{D939F6BD-2909-4BC3-9BB4-5357DCF2BF1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E237A0CC-AA1E-4866-949F-4D65A0141C08}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |

"{E44FBC8E-1C36-4127-8957-A6F2EEB95CF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{E5A52ABC-E24E-46D5-8E6C-28DCE1ED0624}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E68E5F23-48DE-41FA-A9EB-11F9BE3E5AC4}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{E6D6FD4A-1643-4F89-92B0-8EBE90245A3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{E8748249-A286-48B5-BF6C-754FF1596BCB}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |

"{EE0F9600-E769-4B68-B63F-9F365EAC12DA}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |

"{EECF67D0-22E1-4737-997A-1FD9AA3AD944}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |

"{F7CAC63B-8EEC-4F4B-8AE2-CC25E44DF7DB}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{FBB3A957-F02C-4B92-8CCD-D011D4C6C257}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{FC853080-8D0B-4365-90C1-3BF87D3B0340}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{FE70F586-E5B4-4316-8017-602CF9683C5B}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |

"{FE82093C-26ED-484E-95B8-E7A3B97FDDCE}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe |

"{FEB28023-D62B-4074-973A-0C3694C6FDA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{3E9B73B3-948B-4622-8DA4-F3C0E7F5887C}C:\program files (x86)\rogers\rogers one number\rogersonenumber.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rogers\rogers one number\rogersonenumber.exe |

"TCP Query User{3FDAEA24-ADFB-4D0A-B7FB-45F030F6323F}C:\users\elvis\appdata\roaming\edul\iqewi.exe" = protocol=6 | dir=in | app=c:\users\elvis\appdata\roaming\edul\iqewi.exe |

"TCP Query User{72D98E11-9DE2-4DA3-B1F8-D79EC5D44AEF}C:\program files (x86)\rogers\rogers one number\rogersonenumber.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rogers\rogers one number\rogersonenumber.exe |

"UDP Query User{57A09FC0-9AD2-4F8E-92A3-18A9166DF23C}C:\users\elvis\appdata\roaming\edul\iqewi.exe" = protocol=17 | dir=in | app=c:\users\elvis\appdata\roaming\edul\iqewi.exe |

"UDP Query User{587E0270-B85C-4B19-9C0D-9E236FFB6A63}C:\program files (x86)\rogers\rogers one number\rogersonenumber.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rogers\rogers one number\rogersonenumber.exe |

"UDP Query User{D64CDF78-4FD3-448C-831E-DEC2CC6EC143}C:\program files (x86)\rogers\rogers one number\rogersonenumber.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rogers\rogers one number\rogersonenumber.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series" = Canon MX430 series MP Drivers

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C55B5B3C-7F46-40E6-B943-EFB6765FB828}" = Waterfox

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter

"PC-Doctor for Windows" = Dell Support Center

"SynTPDeinstKey" = Dell Touchpad

"VLC media player" = VLC media player 2.0.4

"WinRAR archiver" = WinRAR 4.20 (64-bit)

"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media

"{05C6B128-1B40-4495-9CB9-090B368BFA0A}" = Nero Video Samples

"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)

"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)

"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher

"{150D88F1-40AF-4678-A39D-BCE2332F34E5}" = Nero Abstract Themes

"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack

"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode

"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic

"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger

"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)

"{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}" = Nero Video Transitions 1

"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources

"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)

"{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}" = Nero Cliparts

"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{397AE3AC-AF5B-4072-9908-9C80006B9BCF}" = FineVu Player

"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{4D25D881-7183-462F-95C8-990CA1944E0B}" = Nero PiP Effects 1

"{4E7AC009-5212-499F-942F-A5AA42AE359E}" = Nero 12 Content Pack

"{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}" = Nero Holiday and Sports Themes

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM

"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)

"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker

"{5BB0D82A-4EED-477B-858E-1D5B01560BF5}" = inSSIDer 3

"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}" = Nero Football (Soccer) Themes

"{8193DCBC-0364-4BC4-BC5B-72CAD8405BD2}" = TouchCopy 09

"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)

"{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}" = Nero Retro Film Themes

"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video

"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express

"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}" = Nero Platinum Effects 12

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{955BF340-C379-4375-AA2F-F3BCB2A498AB}" = Nero Family and Events Themes

"{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}" = Nero 12

"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution

"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player

"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1

"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic

"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)

"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail

"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent

"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components

"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}" = Nero Image Samples

"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{CE675FBD-75C3-45F1-B6AF-8D250861D536}" = Nero Disc Menus 3

"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer

"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common

"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic

"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{EEBF1676-AF87-4266-93D8-0C14A34C4217}" = Nero Disc Menus 1

"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger

"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}" = Nero Disc Menus 2

"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology

"4C572483-1D92-45C5-9752-28352100B919_is1" = Rogers One Number 1.2.0

"AC3File_is1" = AC3File 0.6b

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonSolutionMenuEX" = Canon Solution Menu EX

"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec

"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec

"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec

"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec

"dBpoweramp [iD Tag Update] Codec" = dBpoweramp [iD Tag Update] Codec

"dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec

"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec

"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec

"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec

"dBpoweramp DSP Effects" = dBpoweramp DSP Effects

"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec

"dBpoweramp m4a Codec" = dBpoweramp m4a Codec

"dBpoweramp Midi Decoder" = dBpoweramp Midi Decoder

"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec

"dBPowerAMP Mp2 and BwfMp2 codec" = dBPowerAMP Mp2 and BwfMp2 codec

"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec

"dBpoweramp OptimFROG Codec" = dBpoweramp OptimFROG Codec

"dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder

"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec

"dBpoweramp Wave64 Codec" = dBpoweramp Wave64 Codec

"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec

"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"ObjectDock Plus 2" = ObjectDock Plus 2

"Smoke" = Smoke demo by NVIDIA (remove only)

"VLC Streamer_is1" = VLC Streamer 3.13

"WinAVI All-in-One Converter" = WinAVI All-in-One Converter

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"9204f5692a8faf3b" = Dell System Detect

"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2013-03-27 12:08:02 AM | Computer Name = Eternity | Source = Application Hang | ID = 1002

Description = The program SystemSettings.exe version 6.2.9200.16420 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: c4c Start

Time: 01ce2a4caa6c4019 Termination Time: 4294967295 Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report

Id: debd1cba-9693-11e2-bed0-08edb9037210 Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting

package-relative application ID: microsoft.windows.immersivecontrolpanel

Error - 2013-03-27 12:43:01 PM | Computer Name = Eternity | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 2013-03-28 3:14:40 AM | Computer Name = Eternity | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files (x86)\Nero\Nero

12\nero recode\NeroBRServer.exe.Manifest". Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2013-03-29 1:41:13 AM | Computer Name = Eternity | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files (x86)\Nero\Nero

12\nero recode\NeroBRServer.exe.Manifest". Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2013-03-29 2:58:03 AM | Computer Name = Eternity | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 2013-03-29 10:17:49 PM | Computer Name = Eternity | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 2013-03-30 3:52:27 AM | Computer Name = Eternity | Source = Application Error | ID = 1000

Description = Faulting application name: WSHost.exe, version: 6.2.9200.16384, time

stamp: 0x50108842 Faulting module name: RPCRT4.dll, version: 6.2.9200.16384, time

stamp: 0x50108bb9 Exception code: 0xc0000005 Fault offset: 0x0000000000011eee Faulting

process id: 0x9c4 Faulting application start time: 0x01ce2d1b81e34574 Faulting application

path: C:\Windows\WinStore\WSHost.exe Faulting module path: C:\Windows\system32\RPCRT4.dll

Report

Id: c38bf2ea-990e-11e2-bed3-08edb9037210 Faulting package full name: Faulting package-relative

application ID:

Error - 2013-03-30 10:41:41 PM | Computer Name = Eternity | Source = Dell-System Update | ID = 3720

Description = Update Failure User: Elvis Package: setup.exe Description: Realtek HD

Audio - DELL MUP Package, V1.0.0.5 Previous version: 6.0.1.6743, New version: 6.0.1.6743

Log

file: C:\Dell\UpdatePackage\log\setup.log Exit code = 3 (Dependency software error)

Error - 2013-03-30 10:50:23 PM | Computer Name = Eternity | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 2013-03-31 11:40:03 PM | Computer Name = Eternity | Source = Windows Backup | ID = 4103

Description =

Error - 2013-04-01 1:01:05 AM | Computer Name = Eternity | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files (x86)\Nero\Nero

12\nero recode\NeroBRServer.exe.Manifest". Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2013-04-01 1:03:12 AM | Computer Name = Eternity | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files (x86)\Nero\Nero

12\nero recode\NeroBRServer.exe.Manifest". Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2013-04-01 9:56:17 PM | Computer Name = Eternity | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 2013-04-02 3:02:02 PM | Computer Name = Eternity | Source = .NET Runtime | ID = 1026

Description =

Error - 2013-04-02 4:12:22 PM | Computer Name = Eternity | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 16.0.1.4682,

time stamp: 0x508a9c74 Faulting module name: mozalloc.dll, version: 16.0.1.4682,

time stamp: 0x508a7b09 Exception code: 0x80000003 Fault offset: 0x00000000000011c2

Faulting

process id: 0x220 Faulting application start time: 0x01ce2fddeafba981 Faulting application

path: C:\Program Files\Waterfox Limited\Waterfox\plugin-container.exe Faulting module

path: C:\Program Files\Waterfox Limited\Waterfox\mozalloc.dll Report Id: a04d43cc-9bd1-11e2-bed8-08edb9037210

Faulting

package full name: Faulting package-relative application ID:

[ Media Center Events ]

Error - 2013-02-19 1:23:28 AM | Computer Name = Eternity | Source = MCUpdate | ID = 0

Description = 12:18:20 AM - Failed to retrieve SportsV2 (Error: The request was

aborted: The request was canceled.)

[ System Events ]

Error - 2013-03-29 9:37:16 PM | Computer Name = Eternity | Source = Service Control Manager | ID = 7000

Description = The Qualcomm Atheros Killer Service service failed to start due to

the following error: %%2

Error - 2013-03-30 3:49:48 AM | Computer Name = Eternity | Source = Service Control Manager | ID = 7000

Description = The Qualcomm Atheros Killer Service service failed to start due to

the following error: %%2

Error - 2013-03-31 12:02:25 PM | Computer Name = Eternity | Source = Service Control Manager | ID = 7000

Description = The Qualcomm Atheros Killer Service service failed to start due to

the following error: %%2

Error - 2013-04-02 12:13:33 AM | Computer Name = Eternity | Source = Service Control Manager | ID = 7000

Description = The Qualcomm Atheros Killer Service service failed to start due to

the following error: %%2

Error - 2013-04-02 12:13:41 AM | Computer Name = Eternity | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291

Description = SAM failed to start the TCP/IP or SPX/IPX listening thread

Error - 2013-04-02 12:23:27 AM | Computer Name = Eternity | Source = Service Control Manager | ID = 7000

Description = The Qualcomm Atheros Killer Service service failed to start due to

the following error: %%2

Error - 2013-04-02 2:13:49 AM | Computer Name = Eternity | Source = Schannel | ID = 36888

Description = A fatal alert was generated and sent to the remote endpoint. This

may result in termination of the connection. The TLS protocol defined fatal error

code is 51. The Windows SChannel error state is 900.

Error - 2013-04-02 10:14:26 AM | Computer Name = Eternity | Source = Microsoft-Windows-FilterManager | ID = 3

Description = Filter Manager failed to attach to volume '\Device\HarddiskVolume12'.

This volume will be unavailable for filtering until a reboot. The final status

was 0xc03a001c.

Error - 2013-04-02 10:14:30 AM | Computer Name = Eternity | Source = Microsoft-Windows-FilterManager | ID = 3

Description = Filter Manager failed to attach to volume '\Device\HarddiskVolume14'.

This volume will be unavailable for filtering until a reboot. The final status

was 0xc03a001c.

Error - 2013-04-02 12:56:33 PM | Computer Name = Eternity | Source = Microsoft-Windows-FilterManager | ID = 3

Description = Filter Manager failed to attach to volume '\Device\HarddiskVolume18'.

This volume will be unavailable for filtering until a reboot. The final status

was 0xc03a001c.

< End of report >


Results of screen317's Security Check version 0.99.61

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Defender

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 7 Update 9

Java version out of Date!

Adobe Flash Player 11.6.602.180

Adobe Reader XI

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSMpEng.exe

Windows Defender MsMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````


  • Please disconnect any USB or external storage drives from the computer before you run this scan!
  • Disable your anti-virus program, Windows Defender.
    To start Win8's Windows Defender, press the Windows-key on keyboard
    Type in msas
    You will see a Windows Defender block on the right of the screen.
    Do a Right-click on the box and then move your mouse & click on Run as Administrator down at the bottom of the monitor view.
    Windows Defender will start.
    Click the Settings tab.
    Uncheck the line Turn on real-time protection so that it is clear.
    Press Save changes button.
    Close the Windows Defender.
    {Remember how to do this, as at some later point we will need to put the real-time protection back in place.}
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [RUN][sUSP PATH] HKCU\[...]\Run : Adobe CSx Manager (C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad\abcebcaafdacdaad.exe) [x] -> FOUND
    [RUN][sUSP PATH] HKCU\[...]\Run : Pumeqiweut (C:\Users\Elvis\AppData\Roaming\Edul\iqewi.exe) [x] -> FOUND
    [RUN][sUSP PATH] HKUS\S-1-5-21-2445134525-547576882-1556999920-1001[...]\Run : Adobe CSx Manager (C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad\abcebcaafdacdaad.exe) [x] -> FOUND
    [RUN][sUSP PATH] HKUS\S-1-5-21-2445134525-547576882-1556999920-1001[...]\Run : Pumeqiweut (C:\Users\Elvis\AppData\Roaming\Edul\iqewi.exe) [x] -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

  • Then click on Delete on the right hand column under Options.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Task 2

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Task 3

Remembering how to get to Windows Defender {like the 1st step above}

now start Windows Defender.

Turn back ON the real time protection.

Click the Save changes button.

Click on the Update tab and do an Update run.

Click on the Home tab.

Select Full scan

and then press the Scan now button

Tell me what the results are of this scan.

Do not go away, as we will likely do some other things later on.
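
The RogueKiller registry lines selected in Task 1 above can also be triaged mechanically. The following is an added example, not part of the original thread and not RogueKiller's own code: it parses lines in the layout quoted in the post and flags Run-key autostarts that launch from user-writable folders, plus a `ConsentPromptBehaviorAdmin` value of 0. The names `triage`, `LINE`, `SUSPECT_DIRS` and `GUID_DIR`, the regular expressions and the folder list are assumptions; the sample lines are copied from the post.

```python
import re

# Lines copied from the RogueKiller output quoted in the post above.
SAMPLE = r"""
[RUN][sUSP PATH] HKCU\[...]\Run : Adobe CSx Manager (C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad\abcebcaafdacdaad.exe) [x] -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : Pumeqiweut (C:\Users\Elvis\AppData\Roaming\Edul\iqewi.exe) [x] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
"""

# Assumed layout: [TAG]... key : value-name (data) [flag] -> STATUS
# Limitation: data containing parentheses, e.g. "Program Files (x86)", is not matched.
LINE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+"
    r"\((?P<data>[^()]*)\)(?:\s+\[.\])?\s+->\s+(?P<status>.+)$"
)
# Assumption: user-writable folders that installed software rarely autostarts from.
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Folder named like a GUID (the one in this thread has a longer last group).
GUID_DIR = re.compile(r"\\[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12,}\\", re.I)


def triage(report):
    """Return (key, value name, data, reasons) for each line worth a closer look."""
    findings = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        reasons = []
        if "[RUN]" in m["tags"]:
            if any(d in m["data"].lower() for d in SUSPECT_DIRS):
                reasons.append("autostart from user-writable folder")
            if GUID_DIR.search(m["data"]):
                reasons.append("GUID-like folder name")
        elif m["name"] == "ConsentPromptBehaviorAdmin" and m["data"] == "0":
            # 0 = administrators are elevated without any UAC prompt
            reasons.append("UAC prompt disabled for administrators")
        if reasons:
            findings.append((m["key"], m["name"], m["data"], reasons))
    return findings


if __name__ == "__main__":
    for key, name, data, reasons in triage(SAMPLE):
        print(f"{key} | {name} | {data} -> {'; '.join(reasons)}")
```
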


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Elvis [Admin rights]

Mode : Remove -- Date : 04/06/2013 22:50:10

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] scrncap.exe -- C:\Windows\Temp\irstrtsv\scrncap.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++

--- User ---

[MBR] d72ac6358a83a1809d69b0a85a10d888

[bSP] 825a45dab5bae1a50a8b1133826f576e : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: SAMSUNG SSD PM8 +++++

--- User ---

[MBR] f8658f2cec2f8e0c87b6121d33d5036b

[bSP] a332f4f151a5ad199d78973f4faf8e72 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 206848 | Size: 8192 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[5]_D_04062013_02d2250.txt >>

RKreport[1]_S_03302013_02d0320.txt ; RKreport[2]_D_03302013_02d0325.txt ; RKreport[3]_S_03302013_02d0329.txt ; RKreport[4]_S_04062013_02d2248.txt ; RKreport[5]_D_04062013_02d2250.txt


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.06.07

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16519

Elvis :: ETERNITY [administrator]

2013-04-06 10:55:03 PM

mbam-log-2013-04-06 (22-55-03).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Objects scanned: 494250

Time elapsed: 1 hour(s), 4 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


defender log:

Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommended action: Remove this software immediately.

Items:

containerfile:C:\Users\Elvis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\4836fc5f-4027fb9a

file:C:\Users\Elvis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\4836fc5f-4027fb9a->T.class

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:

file:C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad\abcebcaafdacdaad.exe

Get more information about this item online.

both were removed successfully but abceabce....... keeps coming back


Do the following next, as much as possible.

We Need to Run a Batch Script

  1. Press the Windows-key on keyboard.
  2. In the search box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    del /f /q C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad\abcebcaafdacdaad.exe
    rd /s /q C:\Users\Elvis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31
    rd /s /q C:\Users\Elvis\AppData\Roaming\50ab9388-c7e1-4b6c-aa2f-98d6a44c1d4aad
    del /f /q "%~f0"


  4. Select File -> Save As.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Right click Fix.bat on your desktop, and choose Run as administrator.
  10. Press Yes if prompted by User Account Control.

Task 2

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.


That's good. Let's have you follow up with the following.

Task 1

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen, uncheck trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Task 2

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • On the first screen, click the checkbox to participate, and then click on Continue button.
  • Next
    Click on Select objects for scanning
  • Next
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown.
  • IF something is detected, for each item "detected", click on the Action column down arrow.
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
    Do not copy the log, but Attach it in the reply. The log will be quite large.

Re-Enable your antivirus program when all done.


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-11 17:49:30

-----------------------------

17:49:30.217 OS Version: Windows x64 6.2.9200

17:49:30.217 Number of processors: 8 586 0x3A09

17:49:30.217 ComputerName: ETERNITY UserName: Elvis

17:49:30.249 Initialze error 1

17:50:06.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b

17:50:06.555 Disk 0 Vendor: ED1M Size: 715404MB BusType: 8

17:50:06.555 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000003c

17:50:06.555 Disk 1 Vendor: D2Q1 Size: 8313MB BusType: 8

17:50:06.571 Disk 0 MBR read successfully

17:50:06.571 Disk 0 MBR scan

17:50:06.571 Disk 0 unknown MBR code

17:50:06.571 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

17:50:06.571 Disk 0 scanning C:\Windows\system32\drivers

17:50:06.571 Service scanning

17:50:07.243 Modules scanning

17:50:07.243 Scan finished successfully

17:51:33.723 Disk 0 MBR has been saved successfully to "C:\Users\Elvis\Desktop\MBR.dat"

17:51:33.723 The log file has been saved successfully to "C:\Users\Elvis\Desktop\aswMBR.txt"


OK, then, that run removed 1 file and did not "tag" anything else.

C:\Users\Elvis\Documents\software\bluescreenview_setup.exe - deleted

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log

