Jump to content

Malware changed homepage to search.yahoo.com


Recommended Posts

Hello chitown2387 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Hi Maniac,

 

Thank you for the reply. I will post the logs below. 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688
Run by Michael at 7:41:15 on 2013-09-15
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.8094.5875 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Power8] C:\Users\Michael\Downloads\Power8.exe
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Facebook Update] "C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [searchProtection] "C:\Users\Michael\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Michael\AppData\Local\Autobahn\nexdef.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4843B15B-B0B4-4E53-B197-7EAD11726588} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19}\2496C6C6027596024786560235369656E63656026496D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19}\24F6F67623031313 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19}\348696361676F60234572637 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19}\348696361676F6023457263702548545 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19}\34F4E444F4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19}\7427561647458696E6B637 : DHCPNameServer = 192.168.1.2
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - 
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s
x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k12s0ujh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Michael\AppData\Local\Citrix\Plugins\94\npappdetector.dll
FF - plugin: C:\Users\Michael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - ExtSQL: 2013-07-25 09:13; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-25 20:10; wecarereminder@bryan; C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k12s0ujh.default\extensions\wecarereminder@bryan
FF - ExtSQL: 2013-09-11 20:06; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k12s0ujh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\Drivers\aswRvrt.sys [2013-3-29 65336]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\Drivers\aswVmm.sys [2013-3-29 204880]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\Drivers\aswKbd.sys [2013-4-23 22600]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2013-3-29 1030952]
R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2013-3-29 378944]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\Drivers\aswFsBlk.sys [2013-3-29 33400]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2013-3-29 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-13 46808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-7-6 109184]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-6 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-6 1695040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 TurboB;Turbo Boost UI Monitor driver;C:\WINDOWS\System32\Drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-6 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\WINDOWS\System32\Drivers\CtClsFlt.sys [2012-7-6 176096]
R3 ETD;Dell Touchpad;C:\WINDOWS\System32\Drivers\ETD.sys [2012-7-6 201008]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2012-7-6 331264]
R3 RTL8167;Realtek 8167 NT Driver;C:\WINDOWS\System32\Drivers\Rt64win7.sys [2012-7-6 646248]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-9 166912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 btmhsf;btmhsf;C:\WINDOWS\System32\Drivers\btmhsf.sys [2012-2-13 747008]
S3 ibtfltcoex;ibtfltcoex;C:\WINDOWS\System32\Drivers\iBtFltCoex.sys [2012-3-21 60928]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\WINDOWS\System32\Drivers\iusb3hub.sys [2012-7-6 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\WINDOWS\System32\Drivers\iusb3xhc.sys [2012-7-6 787736]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-7-6 313448]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-15 05:17:29 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes
2013-09-15 05:17:15 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-15 05:17:13 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-09-15 05:17:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 04:59:20 -------- d-----w- C:\AdwCleaner
2013-09-15 04:49:55 -------- d--h--w- C:\$SysReset
2013-09-15 04:39:35 81920 ----a-w- C:\WINDOWS\eSellerateControl350.dll
2013-09-15 04:39:35 356352 ----a-w- C:\WINDOWS\eSellerateEngine.dll
2013-09-15 04:39:35 274432 ----a-w- C:\WINDOWS\SysWow64\ssleay32.dll
2013-09-15 04:39:35 1122304 ----a-w- C:\WINDOWS\SysWow64\libeay32.dll
2013-09-15 04:39:35 -------- d-----w- C:\Program Files (x86)\Spigot Removal Tool
2013-09-15 04:30:57 78296 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-09-15 04:30:56 694232 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-09-14 01:35:33 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 22:35:34 -------- d-----w- C:\Users\Michael\AppData\Roaming\uTorrent
2013-09-12 17:51:13 144896 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-09-12 03:10:29 -------- d-----w- C:\Users\Michael\dwhelper
2013-09-11 00:21:59 723968 ----a-w- C:\WINDOWS\System32\BFE.DLL
2013-08-17 15:58:12 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
2013-08-17 11:50:57 997632 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
.
==================== Find3M  ====================
.
2013-08-30 07:48:10 72016 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\WINDOWS\avastSS.scr
2013-08-21 04:12:06 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\WINDOWS\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\WINDOWS\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\WINDOWS\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\WINDOWS\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\WINDOWS\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\WINDOWS\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\WINDOWS\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\WINDOWS\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\WINDOWS\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\WINDOWS\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\WINDOWS\SysWow64\sppc.dll
2013-08-03 04:30:14 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-07-13 06:18:21 337408 ----a-w- C:\WINDOWS\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\WINDOWS\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\WINDOWS\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\WINDOWS\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\WINDOWS\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\WINDOWS\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\WINDOWS\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\WINDOWS\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\WINDOWS\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\WINDOWS\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\WINDOWS\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\WINDOWS\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\WINDOWS\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\WINDOWS\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\WINDOWS\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\WINDOWS\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\WINDOWS\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\WINDOWS\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\WINDOWS\System32\drivers\udfs.sys
2013-06-24 22:54:52 447488 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\WINDOWS\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2013-06-19 05:36:21 183808 ----a-w- C:\WINDOWS\System32\winmmbase.dll
2013-06-19 05:36:21 115712 ----a-w- C:\WINDOWS\System32\winmm.dll
2013-06-18 22:38:00 160256 ----a-w- C:\WINDOWS\SysWow64\winmmbase.dll
2013-06-18 22:38:00 125440 ----a-w- C:\WINDOWS\SysWow64\winmm.dll
2011-12-20 23:32:52 81608 --sha-w- C:\WINDOWS\Panther\Rollback\Boot\Info.exe
.
============= FINISH:  7:41:53.74 ===============
Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume2

Install Date: 10/26/2012 11:36:05 AM

System Uptime: 9/14/2013 10:01:22 PM (9 hours ago)

.

Motherboard: Dell Inc. |  | 04G65K

Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 918 GiB total, 813.355 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: WAN Miniport (IP)

Device ID: ROOT\MS_NDISWANIP\0000

Manufacturer: Microsoft

Name: WAN Miniport (IP)

PNP Device ID: ROOT\MS_NDISWANIP\0000

Service: NdisWan

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: WAN Miniport (IPv6)

Device ID: ROOT\MS_NDISWANIPV6\0000

Manufacturer: Microsoft

Name: WAN Miniport (IPv6)

PNP Device ID: ROOT\MS_NDISWANIPV6\0000

Service: NdisWan

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: WAN Miniport (Network Monitor)

Device ID: ROOT\MS_NDISWANBH\0000

Manufacturer: Microsoft

Name: WAN Miniport (Network Monitor)

PNP Device ID: ROOT\MS_NDISWANBH\0000

Service: NdisWan

.

==== System Restore Points ===================

.

RP90: 8/28/2013 5:37:20 PM - Windows Update

RP91: 9/1/2013 6:45:06 PM - Windows Update

RP92: 9/4/2013 7:13:59 PM - Windows Update

RP93: 9/8/2013 7:36:32 AM - Windows Update

RP94: 9/11/2013 5:50:58 PM - Windows Update

.

==== Installed Programs ======================

.

Accidental Damage Services Agreement

Adobe AIR

Adobe Digital Editions 2.0

Adobe Download Assistant

Adobe Reader X (10.1.6) MUI

Advanced Audio FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Banctec Service Agreement

BitZipper 2013

Blio

Bonjour

Cisco Connect

Complete Care Business Service Agreement

Conexant SmartAudio HD

Consumer In-Home Service Agreement

Cozi

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Digital Delivery

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Stage Remote

Dell Support Center

Dell Touchpad

Dell VideoStage 

Dell Webcam Central

DivX Web Player

Dropbox

eBay

Facebook Video Calling 1.2.0.287

GIMP 2.8.6

Google Chrome

Google Drive

GoToMeeting 5.4.0.1082

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless for Bluetooth® + High Speed

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Monitor 2.0

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Connect Service Client

iTunes

Jing

join.me

Junk Mail filter update

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Communicator 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

PDF24 Creator 5.7.0

PlayReady PC Runtime x86

Premium Service Agreement

QualxServ Service Agreement

Quickset64

Realtek USB 2.0 Card Reader

Search Protection

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 

Shared C Run-time for x64

Skype Click to Call

Skype™ 6.6

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.762

VLC media player 2.0.5

WebSlingPlayer ActiveX

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

9/14/2013 10:05:16 PM, Error: Service Control Manager [7034]  - The Dell Digital Delivery Service service terminated 

 

unexpectedly.  It has done this 1 time(s).

9/14/2013 10:01:38 PM, Error: BTHUSB [30]  - The local adapter does not support an important Low Energy controller state.  

 

The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.

9/14/2013 10:01:27 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed 

 

unrecoverably.The Registry could not flush hive (file): ''.

9/13/2013 4:40:44 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do 

 

not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  

 

and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user Michael-PC\Michael SID (S-1-5-21-3488405890-2194972499-

 

3896282513-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 

 

This security permission can be modified using the Component Services administrative tool.

9/13/2013 1:02:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install 

 

the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA 

 

AHCI Controller.

9/11/2013 5:51:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install 

 

the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2760588).

9/11/2013 5:51:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install 

 

the following update with error 0x80246007: Security Update for Microsoft Office Excel 2007 (KB2760583).

9/11/2013 5:51:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install 

 

the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2760411).

.

==== End Of File ===========================
Link to post
Share on other sites

Step 1

Please uninstall this application: Search Protection

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • OTL log with Extras.txt
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.1 (09.15.2013:1)

OS: Windows 8 Pro x64

Ran by Michael on Sun 09/15/2013 at  8:15:06.26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\we-care reminder"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 09/15/2013 at  8:20:56.71

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

 


OTL logfile created on: 9/15/2013 8:24:05 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Downloads

64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16688)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.90 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 72.79% Memory free

15.90 Gb Paging File | 13.66 Gb Available in Paging File | 85.89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 917.66 Gb Total Space | 813.13 Gb Free Space | 88.61% Space Free | Partition Type: NTFS

 

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/09/15 08:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe

PRC - [2013/09/02 13:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/07/22 11:09:08 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe

PRC - [2013/07/11 20:40:46 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/02/16 10:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2012/02/01 14:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012/02/01 14:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2012/01/26 19:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2012/01/26 19:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

PRC - [2012/01/21 09:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/01/21 09:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/10/11 16:43:16 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe

PRC - [2011/06/29 06:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

PRC - [2011/06/27 17:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/09/02 13:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll

MOD - [2013/09/02 13:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll

MOD - [2013/09/02 13:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll

MOD - [2013/09/02 13:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll

MOD - [2013/09/02 13:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

MOD - [2013/08/17 19:34:23 | 002,297,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\2d6e4ef61450818b934cfda112164249\System.Core.ni.dll

MOD - [2013/08/17 19:33:58 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\cf49a998b717bce1bce9a417376fd6ab\System.Transactions.ni.dll

MOD - [2013/08/17 19:33:52 | 000,488,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\64bd427803478d46019a9bed67ae33fd\IAStorUtil.ni.dll

MOD - [2013/08/17 19:33:48 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\67ca465023d310bef5d3285a39444f14\System.Configuration.ni.dll

MOD - [2013/08/16 09:24:06 | 005,464,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll

MOD - [2013/08/16 09:24:03 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6b49661877ca78101ebc697b9a6a95fd\System.Windows.Forms.ni.dll

MOD - [2013/08/16 09:23:59 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e4447d26cd9083018bd28ddd60a0248\System.Drawing.ni.dll

MOD - [2013/08/16 09:23:54 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5ee445d76a53f7f0ece31685fb193b90\PresentationFramework.ni.dll

MOD - [2013/08/16 09:23:44 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e160ec0c386568c802eff15bf297996b\PresentationCore.ni.dll

MOD - [2013/08/16 09:23:36 | 003,350,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\56543ab218fc1a48a39941558fe7d736\WindowsBase.ni.dll

MOD - [2013/08/16 09:23:33 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll

MOD - [2013/07/17 07:36:58 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5078577e7bdd9a157766265d2170be2b\IAStorCommon.ni.dll

MOD - [2013/07/14 12:45:30 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\abb10610a31396b63a3cd6c4715b3780\PresentationFramework.Aero.ni.dll

MOD - [2013/07/14 12:45:07 | 011,500,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll

MOD - [2013/07/01 15:08:23 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012/10/09 18:35:25 | 005,992,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

MOD - [2012/10/09 18:35:25 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

MOD - [2012/10/09 18:35:25 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

MOD - [2012/10/09 18:35:25 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll

MOD - [2012/07/05 19:01:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2012/07/05 19:01:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2012/07/05 19:01:02 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll

MOD - [2012/07/05 19:01:00 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

MOD - [2012/07/05 19:01:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll

MOD - [2012/01/26 19:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

MOD - [2011/06/29 06:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

MOD - [2011/06/27 17:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

MOD - [2011/06/27 17:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll

MOD - [2011/06/24 21:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll

MOD - [2011/06/24 21:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll

MOD - [2010/03/22 13:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll

MOD - [2010/03/16 18:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll

MOD - [2010/03/16 18:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll

MOD - [2010/03/16 18:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll

MOD - [2010/03/11 17:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll

MOD - [2010/03/11 17:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll

MOD - [2010/03/05 13:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll

MOD - [2010/03/05 13:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013/07/01 17:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/25 20:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012/03/29 05:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV:64bit: - [2012/03/29 05:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2012/03/29 05:57:14 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2012/03/29 05:57:10 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2012/01/17 14:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2012/01/10 19:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2012/01/09 10:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/10/11 16:43:16 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe -- (CxUtilSvc)

SRV:64bit: - [2010/11/29 13:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/04/11 20:13:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/10/06 00:12:10 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/06 18:04:09 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/09 22:33:28 | 000,166,912 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)

SRV - [2012/02/16 10:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2012/02/01 14:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2012/01/21 09:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/01/21 09:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/08/25 18:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013/07/01 17:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/07/01 15:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/06/10 14:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013/06/01 04:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/06/01 04:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/05/04 00:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/03/06 15:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/10/06 00:12:34 | 009,004,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/25 19:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)

DRV:64bit: - [2012/07/25 19:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)

DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/25 19:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)

DRV:64bit: - [2012/07/25 19:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)

DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/03/21 09:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)

DRV:64bit: - [2012/03/14 03:42:50 | 000,201,008 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)

DRV:64bit: - [2012/03/13 06:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Netwsw00.sys -- (NETwNs64)

DRV:64bit: - [2012/02/13 07:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012/02/01 10:59:38 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2012/01/27 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/01/27 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2011/12/14 16:20:08 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/11/29 10:36:22 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/11/10 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011/01/20 09:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2010/11/29 13:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2006/11/01 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WimFltr.sys -- (WimFltr)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {860D5A1A-05F1-4B8E-B494-F0C1BF36282F}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{860D5A1A-05F1-4B8E-B494-F0C1BF36282F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{860D5A1A-05F1-4B8E-B494-F0C1BF36282F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=293224&fr=spigot-yhp-ie

IE - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\..\SearchScopes\{B343875D-0793-4821-A515-B4ECCBE053B4}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}

IE - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.20.1

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"


FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"

FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=293224&fr=spigot-yhp-ff"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Michael\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Michael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/13 09:53:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 20:13:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 20:13:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2013/01/18 09:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions

[2013/09/11 20:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k12s0ujh.default\extensions

[2013/09/11 20:06:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k12s0ujh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013/09/12 15:36:20 | 000,000,915 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k12s0ujh.default\searchplugins\yahoo.xml

[2013/07/01 12:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/08/21 18:49:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/07/01 12:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/08/21 18:49:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/09/11 20:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions

[2013/09/11 20:36:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/09/11 20:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions

[2013/09/11 20:36:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/09/11 20:36:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

File not found (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K12S0UJH.DEFAULT\EXTENSIONS\WECAREREMINDER@BRYAN

[2013/04/11 20:13:03 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/01/04 20:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/02/20 17:35:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Tampermonkey = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.4.3568.10_0\

CHR - Extension: AdBlock = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\

CHR - Extension: SlingPlayer for Web = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac\1.5.15.770_0\

CHR - Extension: Skype Click to Call = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\

CHR - Extension: Chrome In-App Payments service = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121016195421.dll File not found

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121016195421.dll File not found

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000..\Run: [Facebook Update] C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)

O4 - HKU\S-1-5-21-3488405890-2194972499-3896282513-1000..\Run: [Power8] C:\Users\Michael\Downloads\Power8.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Michael\AppData\Local\Autobahn\nexdef.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4843B15B-B0B4-4E53-B197-7EAD11726588}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDC3FAB-8FC5-46CF-8562-5A3861F4EF19}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{8996f659-81f4-11e2-be7d-685d437e7619}\Shell - "" = AutoRun

O33 - MountPoints2\{8996f659-81f4-11e2-be7d-685d437e7619}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe" -a

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\LaunchU3.exe" -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/09/15 08:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/09/14 22:17:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes

[2013/09/14 22:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/09/14 22:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/09/14 22:17:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys

[2013/09/14 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/09/14 21:59:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/09/14 21:49:55 | 000,000,000 | -H-D | C] -- C:\$SysReset

[2013/09/14 21:39:35 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\SysWow64\libeay32.dll

[2013/09/14 21:39:35 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll

[2013/09/14 21:39:35 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\SysWow64\ssleay32.dll

[2013/09/14 21:39:35 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll

[2013/09/14 21:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spigot Removal Tool

[2013/09/12 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\uTorrent

[2013/09/11 20:10:29 | 000,000,000 | ---D | C] -- C:\Users\Michael\dwhelper

 

========== Files - Modified Within 30 Days ==========

 

[2013/09/15 08:05:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/09/15 07:45:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/09/15 07:37:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/09/14 22:17:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/14 22:03:15 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/09/14 22:01:48 | 000,426,752 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/09/14 22:01:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/09/14 22:01:33 | 2070,687,743 | -HS- | M] () -- C:\hiberfil.sys

[2013/09/14 09:16:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3488405890-2194972499-3896282513-1000UA.job

[2013/09/14 09:16:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3488405890-2194972499-3896282513-1000Core.job

[2013/09/13 09:53:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt

[2013/09/11 20:21:53 | 2923,949,595 | ---- | M] () -- C:\Users\Michael\Desktop\Chicago Bears at Cincinnati Bengals [08 09 13] Full Match.mp4

[2013/09/07 20:07:04 | 000,915,518 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI

[2013/09/07 20:07:04 | 000,766,114 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat

[2013/09/07 20:07:04 | 000,151,182 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat

[2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys

[2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSP.sys

[2013/08/30 00:48:10 | 000,204,880 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys

[2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys

[2013/08/30 00:48:10 | 000,065,336 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys

[2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswTdi.sys

[2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys

[2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswFsBlk.sys

[2013/08/30 00:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2013/08/30 00:47:14 | 000,287,840 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe

[2013/08/29 15:15:20 | 000,001,057 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/08/29 15:15:13 | 000,001,029 | ---- | M] () -- C:\Users\Michael\Desktop\Dropbox.lnk

 

========== Files Created - No Company Name ==========

 

[2013/09/14 22:17:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/09/14 22:01:38 | 000,426,752 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/09/11 20:10:34 | 2923,949,595 | ---- | C] () -- C:\Users\Michael\Desktop\Chicago Bears at Cincinnati Bengals [08 09 13] Full Match.mp4

[2013/09/10 17:22:39 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2013/09/10 17:21:42 | 000,387,583 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml

[2012/11/29 13:51:22 | 000,060,304 | ---- | C] () -- C:\Users\Michael\g2mdlhlpx.exe

[2012/10/06 00:12:28 | 000,598,780 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin

[2012/10/06 00:12:22 | 000,755,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin

[2012/10/06 00:12:10 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll

[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2012/01/10 18:39:16 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

 

========== ZeroAccess Check ==========

 

[2012/10/28 10:51:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/01/17 10:26:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2013/09/14 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox

[2012/10/26 10:42:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Fingertapps

[2012/10/15 18:07:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech

[2013/02/15 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PDAppFlex

[2012/10/15 18:14:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sling Media

[2013/09/14 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent

 

========== Purity Check ==========

 

 

 

< End of report >

 

Link to post
Share on other sites

Run OTL

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Link to post
Share on other sites

All processes killed

========== OTL ==========

HKU\S-1-5-21-3488405890-2194972499-3896282513-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3488405890-2194972499-3896282513-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B343875D-0793-4821-A515-B4ECCBE053B4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B343875D-0793-4821-A515-B4ECCBE053B4}\ not found.

Prefs.js: wecarereminder%40bryan:4.1.20.1 removed from extensions.enabledAddons

Prefs.js: "Yahoo" removed from browser.search.defaultenginename

Prefs.js: "Yahoo" removed from browser.search.selectedEngine

Prefs.js: "http://search.yahoo....&type=293224&p=" removed from keyword.URL

Prefs.js: "chr-greentree_ff&ilc=12&type=293224" removed from browser.search.param.yahoo-fr

Prefs.js: "http://search.yahoo....r=spigot-yhp-ff" removed from browser.startup.homepage

C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k12s0ujh.default\searchplugins\yahoo.xml moved successfully.

Use Chrome's Settings page to change the HomePage.

C:\Users\Michael\AppData\Roaming\uTorrent folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Michael\Downloads\cmd.bat deleted successfully.

C:\Users\Michael\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 57616 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default.migrated

 

User: Michael

->Temp folder emptied: 74968578 bytes

->Temporary Internet Files folder emptied: 248997937 bytes

->FireFox cache emptied: 88589436 bytes

->Google Chrome cache emptied: 411750754 bytes

->Flash cache emptied: 58752 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 212147930 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 13003895944 bytes

 

Total Files Cleaned = 13,390.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09152013_090039

 

Files\Folders moved on Reboot...

C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

C:\WINDOWS\temp\_avast_\Webshlock.txt moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.