stolen.data bunch of files

Licit · September 3, 2011

I had the stolen.data result on 186 entries but they were all just text files of boilsoft video splitter info when I checked them. They have all been removed by malwarebytes and I ran a full scan after restart and it was clean. I went ahead and changed my banking password anyway to be safe. Now I may change all my credit cards passes as well. I've seen threads like this before but I am pretty sure they had more important info stolen than I did? Just wondering what is up now?

Sorry here is the text for results:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7639

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/2/2011 8:15:43 PM

mbam-log-2011-09-02 (20-15-43).txt

Scan type: Quick scan

Objects scanned: 191931

Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 186

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Tim2011\AppData\Roaming\1053b65 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1065c70 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\107e932 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\11d4790 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1238827 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1273532 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1346c01 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\13bef77 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\13cab05 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\13db558 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1480212 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1634420 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\164ae29 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1777460 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\17f7a65 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1808418 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\184f775 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1888156 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\18fad35 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\191bb41 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\1986592 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\19fde30 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2040e91 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2054257 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2240480 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\230ac10 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\239bf28 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2409d73 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\245c324 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2482100 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2488d56 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2581f25 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\260b153 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\280d444 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2815002 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2881c27 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2899a15 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\28d0175 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\28dbf46 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2947307 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\2966d09 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\29d1a15 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3002813 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\300e024 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3042f49 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\30b5967 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\30cd896 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\32aa521 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\32ac232 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\330b074 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3359932 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3398c30 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\33dae42 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\33f7392 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3411382 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3505f50 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3579999 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\369e719 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\36c7050 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\36eb341 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3709b82 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3716519 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\372b591 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\378f542 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\379ba82 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3826818 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3895306 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\38f3874 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\3999a04 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\415c025 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\416e456 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\417da28 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4217b28 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4277370 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\431ab68 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4346f30 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\43f0d80 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4426573 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4489b44 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\44d1d83 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\44dc903 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4501e39 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4535971 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4670f30 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4693316 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\46c9814 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4727661 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\472ee75 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\47e7135 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\47f1172 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\4825f15 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\485a727 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\491a924 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\491cc44 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\498df34 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\49b0e11 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\5143f17 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\51ac732 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\51d1395 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\51d5779 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\521f536 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\5261816 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\5387938 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\53a3949 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\541cd76 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\5509839 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\55f5619 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\58fc338 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\592fe35 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\6000979 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\60cb938 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\618b617 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\6235a66 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\6255104 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\62f7509 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\62fcf28 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\637d798 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\63d0f38 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\640d863 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\640e447 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\645e021 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\647ac33 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\64def94 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\662db11 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\66a8b38 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\66dcb58 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\66e8685 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\6727086 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\6789e95 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\6820038 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\68e7970 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\69a3857 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7007030 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7037420 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\70d5222 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\71f4e01 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\720fe44 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\72c6a87 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7417872 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7480a54 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7485847 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\749ac07 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\74d8840 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\74e3305 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7518575 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7576f91 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\75a3089 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7631e86 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7645b58 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7742908 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\784b271 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\78acd50 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\7921016 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\79b8639 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\8027e35 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\8069d75 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\809d581 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\82ea182 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\8308757 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\845e065 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\85e9975 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\8640656 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\8665942 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\86aac83 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\87f3a77 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\886ad10 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\8870935 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9000b41 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\918d576 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\91f5350 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\92bc801 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9332a37 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9348f44 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\934e886 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9395a96 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\94f3671 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9534e59 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\960c272 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\96b9a76 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\97f9497 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9807e45 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\980e411 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9812319 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\98a8b68 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\98f7017 (Stolen.Data) -> Quarantined and deleted successfully.

c:\Users\Tim2011\AppData\Roaming\9951748 (Stolen.Data) -> Quarantined and deleted successfully.

screen317 · September 5, 2011

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Licit · September 5, 2011

Well I had run a scan yesterday and it had 22 files. Then a full scan said clean and I just ran a quick scan for the log you wanted, then after it I will post the text file dds:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7654

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/5/2011 9:41:25 AM

mbam-log-2011-09-05 (09-41-25).txt

Scan type: Quick scan

Objects scanned: 193333

Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------------------------------------------------------------------------------------

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Tim2011 at 9:42:11 on 2011-09-05

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4116 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = g.msn.com/USCON/1

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Tim2011\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\361627C616370227F657475627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\478656B6C6F647A7E6562737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\7796C6569737 : DhcpNameServer = 68.87.72.134 68.87.77.134

TCP: Interfaces\{30268699-7812-4AB4-9212-4F902675A6CB}\B696C6C656270353 : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32:23];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-11-3 146928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-4 98208]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-3 705856]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-3 2320920]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]

R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\system32\DRIVERS\stdriver64.sys --> C:\Windows\system32\DRIVERS\stdriver64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2011-08-28 05:18:27 -------- d-----w- C:\Users\Tim2011\08282011vortex.cgi_files

2011-08-24 13:53:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 13:53:55 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-18 21:13:54 -------- d-----w- C:\Users\Tim2011\drcolorchip-thankyou.cgi_files

2011-08-18 05:26:38 86016 ----a-w- C:\Windows\System32\ff_vfw.dll

2011-08-18 05:26:38 203264 ----a-w- C:\Windows\System32\unrar.dll

2011-08-18 05:26:37 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64

2011-08-18 03:39:35 -------- d-----w- C:\Users\Tim2011\KC_CUSTOM_MENU_01.KC_ZC_HMPG_CMPT.GBL-2_files

2011-08-12 04:50:28 -------- d-----w- C:\Users\Tim2011\DownloadsCurrent-300M or bigger

2011-08-12 03:57:19 175616 ----a-w- C:\Windows\SysWow64\unrar.dll

2011-08-12 03:57:18 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm

2011-08-12 03:57:18 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-08-12 03:57:18 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2011-08-12 03:57:18 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2011-08-12 03:57:18 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll

2011-08-12 03:57:18 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2011-08-12 03:57:16 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

.

==================== Find3M ====================

.

2011-08-15 12:21:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-21 05:20:19 103784 ----a-w- C:\Users\Tim2011\GoToAssistDownloadHelper.exe

2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-23 05:31:31 5474688 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:32:02 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:32:02 3911552 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-12 11:13:58 56408 ----a-w- C:\Windows\System32\drivers\stdriver64.sys

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 9:42:36.71 ===============

Licit · September 7, 2011

Any help from the above posted text? I've run a couple scans again and I got 3 and then 2 stolen.data files. It will always scan clean the first time scanning after it comes back with a couple stolen.data files.

screen317 · September 8, 2011

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Licit · September 9, 2011

OK here is combofix text and dds text. One note Combofix told me that two mcafee processes were running but mcafee was uninstalled right after I got this laptop.

ComboFix 11-09-02.04 - Tim2011 09/09/2011 7:17.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4753 [GMT -4:00]

Running from: c:\users\Tim2011\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\PCDr\5830\Downloads\0d85b53c-d766-4bf0-8940-17b534910268.dll

c:\programdata\PCDr\5830\Downloads\2e066da0-02f5-4227-80e6-d506c5c8890d.dll

c:\programdata\PCDr\5830\Downloads\6fd9c210-a946-4464-b5b4-66b9f96ead1b.dll

c:\programdata\PCDr\5830\Downloads\a30a02da-a4ca-4f1c-af5c-d8dd738b134a.dll

c:\programdata\PCDr\5830\Downloads\c63422ee-d520-4a37-943a-c51b83c90a81.dll

c:\programdata\PCDr\5830\Downloads\ed901639-e445-40c0-9422-74d70d0b1449.dll

.

((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))

.

2011-09-09 11:18 . 2011-09-09 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-28 05:18 . 2011-08-28 05:18 -------- d-----w- c:\users\Tim2011\08282011vortex.cgi_files

2011-08-24 13:53 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 13:53 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-18 21:13 . 2011-08-18 21:13 -------- d-----w- c:\users\Tim2011\drcolorchip-thankyou.cgi_files

2011-08-18 05:26 . 2011-08-08 18:00 86016 ----a-w- c:\windows\system32\ff_vfw.dll

2011-08-18 05:26 . 2011-03-02 10:43 203264 ----a-w- c:\windows\system32\unrar.dll

2011-08-18 05:26 . 2011-08-18 05:26 -------- d-----w- c:\program files\K-Lite Codec Pack x64

2011-08-18 03:39 . 2011-08-18 03:39 -------- d-----w- c:\users\Tim2011\KC_CUSTOM_MENU_01.KC_ZC_HMPG_CMPT.GBL-2_files

2011-08-12 04:50 . 2011-09-09 07:12 -------- d-----w- c:\users\Tim2011\DownloadsCurrent-300M or bigger

2011-08-12 03:57 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll

2011-08-12 03:57 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2011-08-12 03:57 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm

2011-08-12 03:57 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll

2011-08-12 03:57 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll

2011-08-12 03:57 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll

2011-08-12 03:57 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm

2011-08-12 03:57 . 2011-08-12 03:57 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-15 12:21 . 2011-06-11 09:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-21 05:20 . 2011-07-21 05:20 103784 ----a-w- c:\users\Tim2011\GoToAssistDownloadHelper.exe

2011-07-16 04:32 . 2011-08-10 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-06 23:52 . 2011-06-18 05:37 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-06-18 05:37 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-12 11:13 . 2011-06-12 11:13 56408 ----a-w- c:\windows\system32\drivers\stdriver64.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-06-11 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Tim2011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/03 21:32];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]

S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8208ce73-b13c-11e0-aec6-d0c52e595c52}]

\shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-09-09 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\Tim2011\AppData\Roaming\Mozilla\Firefox\Profiles\ms1ac464.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

.

**************************************************************************

.

Completion time: 2011-09-09 07:23:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-09 11:23

.

Pre-Run: 8,350,715,904 bytes free

Post-Run: 13,740,335,104 bytes free

.

- - End Of File - - C8CD81CBCCA62A2E58D2774EE1703387

And dds

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Tim2011 at 7:26:30 on 2011-09-09

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5941.4620 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\System32\vds.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe