Infection detection and redirection.



deshojo
2012-08-24, 14:27
Dear Sirs,

I have suspected an infection for a week or so now, although McAfee (via BT NetProtect Plus) has flagged nothing up, so I downloaded Malwarebytes which found several problems.
However, since then, and a Windows update, things seem to have degenerated somewhat.
I ran HJT and removed a couple of BHOs which appeared to be redirects, but on surveying the rest of the report it became clear that the problem is well beyond my competence.
The required logs are herewith. Your help would be much appreciated.

Best regards,
Deshojo.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Admin at 11:46:28 on 2012-08-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2547 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: {074C1DC5-9320-4A9A-947D-C042949C6216} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703161817.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0FDF03F5-6EB2-42B5-9F35-1222AEA219DE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB04E561-D8EF-4A2E-A532-58E1E8A42B97} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB04E561-D8EF-4A2E-A532-58E1E8A42B97}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{AB04E561-D8EF-4A2E-A532-58E1E8A42B97}\2456C6B696E6E283642443E2765756374737 : DhcpNameServer = 192.168.169.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: {074C1DC5-9320-4A9A-947D-C042949C6216} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703161817.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: BT Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-31 98208]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-9-27 3246040]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 655944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-6 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-6 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-31 2009704]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139400]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-31 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-31 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-23 15:06:04 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-23 11:26:48 -------- d-----w- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2012-08-20 15:38:08 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-08-20 15:38:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-20 15:38:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-20 15:38:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-20 11:05:56 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-20 00:44:28 -------- d-----w- C:\Windows\pss
2012-08-19 15:37:45 -------- d-----w- C:\Users\Admin\AppData\Local\Microsoft Games
2012-08-18 23:30:35 -------- d-----w- C:\Users\Admin\AppData\Roaming\iolo
2012-08-16 13:04:16 -------- d-----w- C:\Users\Admin\AppData\Local\Diagnostics
2012-08-09 13:16:00 -------- d-----w- C:\Users\Admin\AppData\Local\Freecorder 6 Video
2012-08-09 13:15:12 -------- d-----w- C:\Users\Admin\AppData\Roaming\Freecorder 6 Video
.
==================== Find3M ====================
.
2012-08-20 11:16:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-20 11:16:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-19 02:31:20 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-19 02:31:15 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 07:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 11:46:50.28 ===============


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-24 11:49:47
-----------------------------
11:49:47.655 OS Version: Windows x64 6.1.7601 Service Pack 1
11:49:47.655 Number of processors: 4 586 0x2A07
11:49:47.655 ComputerName: MATT-XPS UserName: Admin
11:49:48.950 Initialize success
11:55:42.188 AVAST engine defs: 12082400
11:55:55.962 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:55:55.978 Disk 0 Vendor: TOSHIBA_ MC00 Size: 610480MB BusType: 3
11:55:55.994 Disk 0 MBR read successfully
11:55:55.994 Disk 0 MBR scan
11:55:56.009 Disk 0 Windows VISTA default MBR code
11:55:56.009 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
11:55:56.040 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
11:55:56.040 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595377 MB offset 30928896
11:55:56.056 Disk 0 scanning C:\Windows\system32\drivers
11:56:05.993 Service scanning
11:56:35.727 Modules scanning
11:56:35.743 Disk 0 trace - called modules:
11:56:35.789 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
11:56:35.789 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006647060]
11:56:35.805 3 CLASSPNP.SYS[fffff88001c3b43f] -> nt!IofCallDriver -> [0xfffffa80064e6cb0]
11:56:35.821 5 stdcfltn.sys[fffff88001debc52] -> nt!IofCallDriver -> [0xfffffa8004afeb20]
11:56:35.821 7 ACPI.sys[fffff88000f467a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b04050]
11:56:36.959 AVAST engine scan C:\Windows
11:56:39.643 AVAST engine scan C:\Windows\system32
11:59:10.994 AVAST engine scan C:\Windows\system32\drivers
11:59:29.449 AVAST engine scan C:\Users\Admin
12:00:38.058 AVAST engine scan C:\ProgramData
12:05:34.474 Scan finished successfully
12:06:07.874 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
12:06:07.874 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
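
The DDS logs posted in this thread carry a "Pseudo HJT Report" section that a helper reads line by line: orphaned entries marked "No File", AppInit_DLLs, the mRun/mRunOnce autoruns, and the DHCP-assigned DNS servers (DhcpNameServer). The script below is an added example and not part of the thread, of DDS, or of any tool mentioned here; it pulls those four groups out of a log so they can be reviewed together, and flags any DNS server that is not in an RFC 1918 LAN range, since a home machine normally gets its DNS from the router. The sample log text embedded in it is constructed for the example (the GUIDs, file paths and the 198.51.100.7 address are placeholders, not values from this machine).

```python
"""Triage the "Pseudo HJT Report" section of a DDS log (added example, not DDS code)."""
import re
from ipaddress import ip_address, ip_network

# RFC 1918 ranges; a DHCP-assigned DNS server outside these is worth a second look.
LAN_RANGES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

HJT_HEADER = re.compile(r"^=+ Pseudo HJT Report =+$")
SECTION_HEADER = re.compile(r"^=+ .+ =+$")
AUTORUN_RE = re.compile(r"^[mu]Run(?:Once)?(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (?P<dlls>.+)$")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>.+)$")

# Constructed sample in DDS layout; not a log from any real machine.
SAMPLE_LOG = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.example.com/
BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - C:\\Program Files (x86)\\Example\\helper.dll
TB: {22222222-3333-4444-5555-666666666666} - No File
mRun: [ExampleTray] "C:\\Program Files\\Example\\example.exe" /tray
mRunOnce: [Launcher] C:\\Program Files (x86)\\Example\\Launcher.exe
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\\{AAAA-BBBB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\\{AAAA-BBBB}\\244564F4E4 : DhcpNameServer = 192.168.22.22 198.51.100.7
AppInit_DLLs: C:\\Windows\\SysWOW64\\example_init.dll
BHO-X64: Example Helper - No File
.
============= SERVICES / DRIVERS ===============
.
R0 example;Example;C:\\Windows\\system32\\drivers\\example.sys [?]
"""


def hjt_section(log_text):
    """Return the lines of the Pseudo HJT Report section, skipping the '.' spacer lines."""
    lines, inside = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if HJT_HEADER.match(line):
            inside = True
            continue
        if inside and SECTION_HEADER.match(line):
            break  # next DDS section reached
        if inside and line and line != ".":
            lines.append(line)
    return lines


def is_lan(ip_text):
    """True if the address lies in one of the RFC 1918 private ranges."""
    ip = ip_address(ip_text)
    return any(ip in net for net in LAN_RANGES)


def triage(log_text):
    """Group the HJT-style entries by what an analyst checks first."""
    report = {"orphaned": [], "appinit_dlls": [], "autoruns": [], "dns_servers": [], "non_lan_dns": []}
    for line in hjt_section(log_text):
        if line.endswith(" - No File"):
            report["orphaned"].append(line)          # registry entry whose file is gone
        m = AUTORUN_RE.match(line)
        if m:
            report["autoruns"].append((m.group("name"), m.group("cmd")))
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is a space/comma separated list; DDS prints short (8.3) paths.
            report["appinit_dlls"].extend(re.split(r"[,\s]+", m.group("dlls").strip()))
        m = DNS_RE.search(line)
        if m:
            for server in m.group("servers").split():
                if server not in report["dns_servers"]:
                    report["dns_servers"].append(server)
                if not is_lan(server) and server not in report["non_lan_dns"]:
                    report["non_lan_dns"].append(server)
    return report


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it as-is to see the grouping on the constructed sample, or replace SAMPLE_LOG with the text of a real DDS.txt; an entry landing in one of these groups is a prompt for the helper to look at it, not a verdict on its own.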

torreattack
2012-09-02, 17:02
Please note that all instructions given are customised for this computer only.
The tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Safer-Networking (http://forums.spybot.info/forumdisplay.php?f=22) forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hi deshojo and welcome to Safer-Networking :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer (http://support.microsoft.com/kb/971759)
Backup your data - Vista (http://www.vista4beginners.com/How-to-backup-your-data)
Backup your data - windows 7 (http://windows.microsoft.com/en-us/windows7/Back-up-your-files)

Please observe these rules while we work:
Perform all actions in the order given.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with it till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

I am currently reviewing your log and will return, as soon as possible, with additional instructions.

By the way, while waiting,
Have you backed up your registry with Erunt?
If you have Spybot-S&D installed, TeaTimer needs to be disabled so that its protection does not interfere with fixes. Could you disable it?
Note: You can find the instructions to perform these two tasks here (http://forums.spybot.info/showpost.php?p=1150&postcount=2).
Could you post the second log that was created by DDS? If you can't find it you may have to run the program again.

=================================================================================
Since the logs are quite "old" now, I need the latest logs. Please run the following tools and post back the latest logs.
If you had downloaded these tools before, please delete them and download again because they are updated quite frequently.


1. TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
When TDSSKiller finishes loading, click on Change parameters.
Tick the Detect TDLFS file system and click OK.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. OTL
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Under Output, ensure that Minimal Output is selected.
Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened, maximized
Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Thank you for your patience.
torreattack

deshojo
2012-09-04, 00:29
Good morning Torreattack,

Thank you for your response and your time in helping me.
Interesting that you are from Malaysia, as although I'm English, I was actually born in Singapore. :)

Please find below the DDS logs, and those from TDSSKiller and OTL.
Having glanced through them I must say I really appreciate you plowing through such a mass of information on my behalf.

My concern is that my computer activity is being monitored by someone (possibly someone I know), not necessarily for overtly malicious purposes, but nonetheless it would be most unwelcome if this were the case.

Best regards,
Deshojo

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Admin at 22:29:34 on 2012-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2416 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120903201613.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0FDF03F5-6EB2-42B5-9F35-1222AEA219DE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB04E561-D8EF-4A2E-A532-58E1E8A42B97} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AB04E561-D8EF-4A2E-A532-58E1E8A42B97}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{AB04E561-D8EF-4A2E-A532-58E1E8A42B97}\2456C6B696E6E283642443E2765756374737 : DhcpNameServer = 192.168.169.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120903201613.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-8-31 1027792]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 655944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-8 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-6 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-6 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 PDFsFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-31 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-31 98208]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-9-27 3246040]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-31 2009704]
S4 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139400]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]
S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-31 2656280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-31 22:19:36 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-08-31 22:19:33 2154576 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-08-31 22:19:32 2096360 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-08-31 22:19:23 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2012-08-31 22:19:23 56472 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-08-31 22:19:23 25072 ----a-w- C:\Windows\System32\smrgdf.exe
2012-08-31 22:19:21 69000 ----a-w- C:\Windows\System32\offreg.dll
2012-08-31 22:19:21 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2012-08-31 22:12:21 30752 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2012-08-31 22:12:12 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-08-31 22:12:12 -------- d-----w- C:\Users\Admin\AppData\Roaming\iolo
2012-08-31 22:11:11 -------- d-----w- C:\iolo
2012-08-31 20:51:19 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-08-31 20:51:11 -------- d-----w- C:\Program Files (x86)\iolo
2012-08-30 20:07:46 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-08-30 20:07:45 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-27 23:02:43 -------- d-----w- C:\Windows\SysWow64\BestPractices
2012-08-27 23:02:42 -------- d-----w- C:\Windows\System32\BestPractices
2012-08-27 23:02:42 -------- d-----w- C:\inetpub
2012-08-23 15:06:04 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-20 15:38:08 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-08-20 15:38:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-20 15:38:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-20 15:38:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-20 11:05:56 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-20 00:44:28 -------- d-----w- C:\Windows\pss
2012-08-19 15:37:45 -------- d-----w- C:\Users\Admin\AppData\Local\Microsoft Games
2012-08-16 13:04:16 -------- d-----w- C:\Users\Admin\AppData\Local\Diagnostics
2012-08-09 13:16:00 -------- d-----w- C:\Users\Admin\AppData\Local\Freecorder 6 Video
2012-08-09 13:15:12 -------- d-----w- C:\Users\Admin\AppData\Roaming\Freecorder 6 Video
.
==================== Find3M ====================
.
2012-07-19 02:31:20 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-19 02:31:15 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 07:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 22:29:54.49 ===============


OTL logfile created on: 9/3/2012 10:44:03 PM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.92 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.63% Memory free
7.83 Gb Paging File | 5.75 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 443.09 Gb Free Space | 76.21% Space Free | Partition Type: NTFS

Computer Name: MATT-XPS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe (iolo technologies, LLC)
PRC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ioloSystemService) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PDFsFilter) -- C:\Windows\SysNative\drivers\PDFsFilter.sys (Raxco Software, Inc.)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GT680x) -- C:\Windows\SysNative\drivers\gt680X.sys ( )
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AFFA78BA-9C84-49BF-9C03-2468878B9825}
IE:64bit: - HKLM\..\SearchScopes\{AFFA78BA-9C84-49BF-9C03-2468878B9825}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {AFFA78BA-9C84-49BF-9C03-2468878B9825}
IE - HKLM\..\SearchScopes\{AFFA78BA-9C84-49BF-9C03-2468878B9825}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.intl=uk&.partner=bt-1&.done=http%3a//bt.yahoo.com/%3f
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1001\..\SearchScopes,DefaultScope = {C59470C1-B844-4FB4-A01D-714C38884664}
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1001\..\SearchScopes\{C59470C1-B844-4FB4-A01D-714C38884664}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 67 A0 49 20 88 CD 01 [binary data]
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\..\SearchScopes,DefaultScope = {AFFA78BA-9C84-49BF-9C03-2468878B9825}
IE - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/23 12:04:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/09/03 20:58:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120703161817.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120903201613.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2470502964-3144720250-81723080-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2470502964-3144720250-81723080-1001..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FDF03F5-6EB2-42B5-9F35-1222AEA219DE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB04E561-D8EF-4A2E-A532-58E1E8A42B97}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/03 22:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/03 22:26:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\First Logs
[2012/09/03 21:27:55 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/03 21:26:13 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/08/31 23:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
[2012/08/31 23:19:33 | 002,154,576 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
[2012/08/31 23:19:32 | 002,096,360 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
[2012/08/31 23:19:23 | 000,082,160 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\PDFsFilter.sys
[2012/08/31 23:19:23 | 000,056,472 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
[2012/08/31 23:19:23 | 000,025,072 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
[2012/08/31 23:19:21 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll
[2012/08/31 23:19:21 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offreg.dll
[2012/08/31 23:12:21 | 000,030,752 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\ElRawDsk.sys
[2012/08/31 23:12:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\iolo
[2012/08/31 23:11:11 | 000,000,000 | ---D | C] -- C:\iolo
[2012/08/31 21:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2012/08/30 21:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/08/30 21:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/08/28 00:02:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2012/08/28 00:02:42 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/08/28 00:02:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2012/08/24 11:41:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/24 11:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/24 11:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/08/24 11:29:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/08/24 11:27:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012/08/24 11:25:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Admin\Desktop\erunt-setup.exe
[2012/08/23 16:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/23 16:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/08/20 16:38:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/08/20 16:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/20 16:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/20 16:38:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/20 16:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/20 16:17:26 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/08/20 16:17:26 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/08/20 16:17:26 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/08/20 12:04:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/20 12:04:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/20 12:04:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/20 12:04:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/20 12:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/20 12:04:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/20 12:04:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/20 12:04:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/20 12:04:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/20 12:04:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/20 12:04:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/20 12:04:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/20 12:04:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/20 01:44:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/20 01:38:52 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/20 01:38:47 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/20 01:38:47 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/20 01:38:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/20 01:38:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/20 01:38:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/20 01:38:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/20 01:38:18 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/19 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games
[2012/08/18 23:20:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\My Received Files
[2012/08/16 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Diagnostics
[2012/08/09 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Freecorder 6 Video
[2012/08/09 14:15:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Freecorder 6 Video
[2012/08/09 14:15:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Freecorder

========== Files - Modified Within 30 Days ==========

[2012/09/03 22:35:31 | 000,002,652 | ---- | M] () -- C:\Users\Admin\Desktop\Attach.zip
[2012/09/03 21:27:59 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/03 21:26:18 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/09/03 21:06:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 21:06:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 21:05:18 | 000,836,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/03 21:05:18 | 000,702,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/03 21:05:18 | 000,143,832 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/03 20:59:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/03 20:58:53 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 00:18:15 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2012/08/31 23:38:25 | 000,000,406 | ---- | M] () -- C:\Windows\SysNative\ioloBootDefrag.cfg
[2012/08/31 23:19:37 | 000,002,221 | ---- | M] () -- C:\Users\Admin\Desktop\System Mechanic.lnk
[2012/08/31 23:12:12 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2012/08/31 23:05:11 | 002,384,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/31 21:51:19 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll
[2012/08/31 21:51:15 | 000,001,177 | ---- | M] () -- C:\Users\Admin\Desktop\System Checkup.lnk
[2012/08/28 00:03:17 | 000,780,040 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/27 20:39:09 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp
[2012/08/26 01:27:53 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/08/24 12:06:07 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/08/24 11:40:03 | 000,000,907 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/08/24 11:30:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/08/24 11:27:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012/08/24 11:25:25 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Admin\Desktop\erunt-setup.exe
[2012/08/23 16:06:04 | 000,002,095 | ---- | M] () -- C:\Users\Admin\Desktop\HijackThis.lnk
[2012/08/23 01:09:22 | 000,010,788 | ---- | M] () -- C:\Users\Public\Documents\cc_20120823_010913.reg
[2012/08/23 00:08:42 | 000,007,675 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2012/08/20 16:22:15 | 000,000,920 | ---- | M] () -- C:\Users\Public\Documents\cc_20120820_162155.reg
[2012/08/20 01:47:57 | 000,026,288 | ---- | M] () -- C:\Users\Public\Documents\cc_20120820_014748.reg
[2012/08/09 14:11:51 | 000,384,844 | ---- | M] () -- C:\Users\Admin\AppData\Local\funmoods-speeddial.crx

========== Files Created - No Company Name ==========

[2012/09/03 22:35:31 | 000,002,652 | ---- | C] () -- C:\Users\Admin\Desktop\Attach.zip
[2012/09/01 00:18:15 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2012/08/31 23:38:25 | 000,000,406 | ---- | C] () -- C:\Windows\SysNative\ioloBootDefrag.cfg
[2012/08/31 23:19:37 | 000,002,221 | ---- | C] () -- C:\Users\Admin\Desktop\System Mechanic.lnk
[2012/08/31 23:12:12 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2012/08/31 23:04:59 | 002,384,672 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/31 21:51:19 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/08/31 21:51:15 | 000,001,177 | ---- | C] () -- C:\Users\Admin\Desktop\System Checkup.lnk
[2012/08/27 20:39:09 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\Documents\Default.rdp
[2012/08/24 12:06:07 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/08/24 11:40:03 | 000,000,907 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/08/23 16:06:04 | 000,002,095 | ---- | C] () -- C:\Users\Admin\Desktop\HijackThis.lnk
[2012/08/23 01:09:20 | 000,010,788 | ---- | C] () -- C:\Users\Public\Documents\cc_20120823_010913.reg
[2012/08/20 16:22:04 | 000,000,920 | ---- | C] () -- C:\Users\Public\Documents\cc_20120820_162155.reg
[2012/08/20 01:47:54 | 000,026,288 | ---- | C] () -- C:\Users\Public\Documents\cc_20120820_014748.reg
[2012/08/09 14:11:53 | 000,384,844 | ---- | C] () -- C:\Users\Admin\AppData\Local\funmoods-speeddial.crx
[2012/06/22 15:47:54 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\ForgiveMe.exe
[2012/06/22 15:47:54 | 000,000,059 | R--- | C] () -- C:\Windows\SysWow64\MKScannerSetting.ini
[2012/02/01 15:58:33 | 000,007,675 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011/09/09 22:19:05 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011/05/31 20:38:50 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/31 20:38:02 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/31 20:37:59 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/31 20:37:58 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 17:10:51 | 000,780,040 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

deshojo
2012-09-04, 00:38
Hi Torreattack,

I should perhaps point out that since my first post I have installed and run System Mechanic from the Dell website. This was after finding numerous fake and out of date security certificates installed, and a wireless certificate in the Trusted publishers list, which is apparently not good.
I sincerely hope this has not caused any headaches for you.

Cheers,
Deshojo

OTL Extras logfile created on: 9/3/2012 10:44:03 PM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.92 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.63% Memory free
7.83 Gb Paging File | 5.75 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 443.09 Gb Free Space | 76.21% Space Free | Partition Type: NTFS

Computer Name: MATT-XPS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E04E62-FDF6-4EF9-A36A-751ABF773C0A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0DBCA6ED-0869-47B9-A4F5-8F2905584BC7}" = rport=445 | protocol=6 | dir=out | app=system |
"{15D10C64-688F-49B5-9FD0-6006B46510E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{1845A333-8414-4E3A-ADC9-EEE81ED4D34E}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{1A065091-82C6-456C-A233-A5B1EEE8E728}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1AB90C9F-6C4A-4540-9419-B4E158F0D1AB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1D853FFA-2949-4C13-9492-048FD036F23E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{297BAA0D-DADF-4C81-9C36-CAE9293E463B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34B17553-DAF3-4140-BE26-6356ADF887A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{4A0DD2C3-CB0E-4B17-908C-791536F796A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{4DE73651-BCDC-404D-9E74-74716671DBA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A2D1896-0B0D-4068-B074-79F34CAF30DC}" = lport=138 | protocol=17 | dir=in | app=system |
"{60161F74-0C80-4054-BD5C-FFF20CB0045D}" = rport=138 | protocol=17 | dir=out | app=system |
"{658D4C41-2646-414D-9602-7B9806D279C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6823BBD0-BDED-48B6-9580-24467644DBD6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B975796-2B5E-4660-8F06-223CB33FE979}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6EBFA08A-C18A-4F84-98B8-28C3B1FAA5A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{740F1E74-FC29-4E12-9784-B494C1EFBA19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{757BBB77-3EBF-4B83-8721-9A35B7FBADAE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{763C5FDE-99BC-49F5-82BE-7956577FFC82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{7B374729-115B-46C9-B693-95404A652669}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{829480BD-078A-4ADE-8B11-3D259511FB94}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86FB6E42-DEFB-469F-888B-C80E142FE724}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{8D1E66EC-B6C9-4378-B44E-BA372B3AF045}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A625F1C4-D59E-4E11-A312-90D895844E90}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{ADA4391E-3D03-4984-BE6C-E9C0BAB3068A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFFB279A-25C5-4623-8D0C-E6A33AF2C243}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFB49441-8F56-46FA-BE05-552BC94CF573}" = lport=139 | protocol=6 | dir=in | app=system |
"{D990A088-D9B4-41E6-BD15-776DFE2BB632}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{DC1CA069-E9BE-4C26-ADDC-74E1DE0DCF5F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDA13556-4C02-4C17-83B9-DBFFC2534C95}" = rport=139 | protocol=6 | dir=out | app=system |
"{DE1B85E9-3C91-40E8-8A65-6453D56F5417}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{DE291FD6-713A-43AD-88B3-0E59204BFB6B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E7C56C4F-B774-40E9-A052-3B3392DAA4F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F14748F0-73B0-4AB5-9FD3-1B3B2F914DDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6998ABA-5E1F-400F-A55C-21AE6BA99CFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F731F303-EE1E-402E-A8D5-5584485AF1BD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00081919-8AEB-4164-B828-AFEC61F2EE49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{028BC5E5-69EE-4056-BF49-D2C76A160F3F}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{05461043-534D-4A4C-BB3B-CBFDC8403920}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FACA30A-72FF-4591-B4E4-63F420207EC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C3466F3-F6F4-4ABF-A91C-60BEF0886889}" = protocol=6 | dir=out | app=system |
"{306AD641-E192-4833-96E1-EE66389400EF}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{325BF743-3392-413E-873A-BDAEC4EC0A30}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{353D2C5D-7209-4D55-8466-9E2BB82C8095}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4913E274-F479-475E-8AB5-024D134ADEB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AA8018B-BE0D-4C32-B0F7-8C1EC9658971}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4AF17131-1254-4FCC-8BCB-9FB9C23E8207}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{53B9490D-3C9F-411A-95C2-A248726B7730}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C22E8D7-3522-4C83-A135-0A25ECDD9708}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62D97A95-3CAA-44BA-AC6F-816D0B2BD52C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85061743-1D87-44DD-BA6A-C40C53FCB072}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{85B7C68E-899A-42A3-92F7-33C2102455F9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{88A003C1-AD20-44D3-B144-7839376EAFC5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{932C3097-5116-4F76-81BD-8AD20019D7E5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{977217F9-36E7-456D-909E-CB1609CEFBAC}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{9DA5706A-75CC-4F31-BFF0-B7AB35FC1FF2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A264CE68-8293-460B-B532-188D694FB62A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A3D4ED94-40FA-4523-9CBB-573526688106}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8B4E9EC-0ABD-4240-B115-05AC325287D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B8B918C6-4A2A-4115-963B-1BEA7C16BBF1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{BC6FA654-E8F4-443E-B8E5-28ED99DA2474}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C42E175D-EB0F-40A3-A390-5AD89A684ACE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF34AE5F-F090-4EF1-ACEA-A287776A4A90}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D4491B6D-685F-497D-ABF3-544D9D483A45}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D886DF57-441D-4118-BAF4-252FE755A768}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{E29299AD-D925-4D79-A8C7-CBF0EA86ECBB}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{EF71344C-7F14-4752-9976-5ACC83EB5EBC}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{FFF96E53-FE1D-4430-B05D-30DF53F6D30F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{601B8608-C901-428C-8125-53585CA54124}" = Microsoft Camera Codec Pack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.21
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CaptureOne6_is1" = Capture One 6.2
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{243AA596-2B64-4DBF-B765-374B8328F504}" = BearPaw 1200CU Plus v1.2
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 34
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39901B4C-E954-4471-ADAB-E786AEE326D1}" = Dell Stage
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC085605-79A6-3D50-6AE8-42D213ECBAFC}" = BBC iPlayer Desktop
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BTHomeHub" = BTHomeHub
"CoreFTP" = Core FTP LE
"Dell Webcam Central" = Dell Webcam Central
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Exploit Submission Wizard" = Exploit Submission Wizard
"Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{243AA596-2B64-4DBF-B765-374B8328F504}" = BearPaw 1200CU Plus v1.2
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MSC" = BT NetProtect Plus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
"WinLiveSuite" = Windows Live Essentials
"WinRAR 4.01" = WinRAR 4.01
"Yahoo! Companion" = BT Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2470502964-3144720250-81723080-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2470502964-3144720250-81723080-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/27/2012 6:24:36 PM | Computer Name = Matt-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/28/2012 4:40:03 AM | Computer Name = Matt-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/28/2012 9:06:02 AM | Computer Name = Matt-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/28/2012 3:08:37 PM | Computer Name = Matt-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/28/2012 3:58:49 PM | Computer Name = Matt-XPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 3:59:24 PM | Computer Name = Matt-XPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 3:59:35 PM | Computer Name = Matt-XPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly
Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 3:59:45 PM | Computer Name = Matt-XPS | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/29/2012 7:05:50 AM | Computer Name = Matt-XPS | Source = WinMgmt | ID = 10
Description =

Error - 6/29/2012 2:30:12 PM | Computer Name = Matt-XPS | Source = WinMgmt | ID = 10
Description =

Error - 7/1/2012 12:52:39 PM | Computer Name = Matt-XPS | Source = WinMgmt | ID = 10
Description =

[ Dell Events ]
Error - 9/2/2011 8:29:49 AM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/2/2011 8:29:49 AM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/2/2011 10:17:45 AM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/13/2011 5:24:00 PM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/13/2011 5:24:00 PM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/11/2011 7:37:56 PM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/11/2011 7:37:56 PM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/25/2012 4:05:28 PM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/25/2012 4:05:28 PM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/3/2012 3:36:07 PM | Computer Name = Matt-XPS | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 9/3/2012 5:37:57 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:57 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:57 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:57 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:57 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:57 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:57 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:58 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:58 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058

Error - 9/3/2012 5:37:58 PM | Computer Name = Matt-XPS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1058


< End of report >

torreattack
2012-09-04, 12:36
Hi Deshojo:


Interesting that you are from Malaysia, as although I'm English, I was actually born in Singapore.

I worked in Singapore in 1996.


My concern is that my computer activity is being monitored by someone (possibly someone I know), not necessarily for overtly malicious purposes, but nonetheless it would be most unwelcome if this were the case.

Thanks for the info, will keep an eye on it.


I should perhaps point out that since my first post I have installed and run System Mechanic from the Dell website.
This is just my personal opinion: I do not trust any registry cleaner at all (including this one). Here is an excerpt from a discussion on registry cleaners:

Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.

This post by Bill Castner is very informative: WhatTheTech Forum (http://forums.whatthetech.com/Regcleaner_t42862.html&st=30&p=418272#entry418272)


By the way, you did not post the TDSSKiller log, please post it.
You may find it at c:\TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt

thanks,
torreattack

deshojo
2012-09-04, 22:41
Hi Torreattack,

Apologies for omitting this log.

I imagine Singapore has changed somewhat from when I was there, as I left aged 18 months in 1969. Hopefully I'll return for a visit one day...

With reference to System Mechanic, what convinced me was that it was the only software that pointed out the dangers of having a wifi certificate in the Trusted Publishers category, and even when logged in as administrator I could not move or delete any security certificates myself.
I will uncheck the registry altering elements within the program on your advice.

Best regards,
Matt

22:38:26.0952 7288 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:38:27.0327 7288 ============================================================
22:38:27.0327 7288 Current date / time: 2012/09/03 22:38:27.0327
22:38:27.0327 7288 SystemInfo:
22:38:27.0327 7288
22:38:27.0327 7288 OS Version: 6.1.7601 ServicePack: 1.0
22:38:27.0327 7288 Product type: Workstation
22:38:27.0327 7288 ComputerName: MATT-XPS
22:38:27.0327 7288 UserName: Admin
22:38:27.0327 7288 Windows directory: C:\Windows
22:38:27.0327 7288 System windows directory: C:\Windows
22:38:27.0327 7288 Running under WOW64
22:38:27.0327 7288 Processor architecture: Intel x64
22:38:27.0327 7288 Number of processors: 4
22:38:27.0327 7288 Page size: 0x1000
22:38:27.0327 7288 Boot type: Normal boot
22:38:27.0327 7288 ============================================================
22:38:28.0403 7288 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:28.0419 7288 ============================================================
22:38:28.0419 7288 \Device\Harddisk0\DR0:
22:38:28.0419 7288 MBR partitions:
22:38:28.0419 7288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1D4C000
22:38:28.0419 7288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x48AD8AB0
22:38:28.0419 7288 ============================================================
22:38:28.0434 7288 C: <-> \Device\Harddisk0\DR0\Partition2
22:38:28.0434 7288 ============================================================
22:38:28.0434 7288 Initialize success
22:38:28.0434 7288 ============================================================
22:38:54.0627 6048 ============================================================
22:38:54.0627 6048 Scan started
22:38:54.0627 6048 Mode: Manual; TDLFS;
22:38:54.0627 6048 ============================================================
22:38:55.0095 6048 ================ Scan system memory ========================
22:38:55.0095 6048 System memory - ok
22:38:55.0095 6048 ================ Scan services =============================
22:39:09.0166 6048 mrxsmb10 - ok
22:39:09.0197 6048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:39:09.0197 6048 mrxsmb20 - ok
22:39:09.0213 6048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:39:09.0213 6048 msahci - ok
22:39:09.0244 6048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:39:09.0338 6048 msdsm - ok
22:39:09.0353 6048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:39:09.0369 6048 MSDTC - ok
22:39:09.0416 6048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:39:09.0416 6048 Msfs - ok
22:39:09.0447 6048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:39:09.0447 6048 mshidkmdf - ok
22:39:09.0463 6048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:39:09.0478 6048 msisadrv - ok
22:39:09.0509 6048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:39:09.0509 6048 MSiSCSI - ok
22:39:09.0509 6048 msiserver - ok
22:39:09.0556 6048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:39:09.0572 6048 MSKSSRV - ok
22:39:09.0603 6048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:09.0603 6048 MSPCLOCK - ok
22:39:09.0603 6048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:39:09.0603 6048 MSPQM - ok
22:39:09.0634 6048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:39:09.0712 6048 MsRPC - ok
22:39:09.0728 6048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:39:09.0728 6048 mssmbios - ok
22:39:09.0775 6048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:39:09.0775 6048 MSTEE - ok
22:39:09.0790 6048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:39:09.0806 6048 MTConfig - ok
22:39:09.0821 6048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:39:09.0821 6048 Mup - ok
22:39:09.0884 6048 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:39:09.0946 6048 MyWiFiDHCPDNS - ok
22:39:09.0993 6048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:39:09.0993 6048 napagent - ok
22:39:10.0024 6048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:39:10.0040 6048 NativeWifiP - ok
22:39:10.0055 6048 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:39:10.0087 6048 NDIS - ok
22:39:10.0102 6048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:10.0102 6048 NdisCap - ok
22:39:10.0118 6048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:10.0118 6048 NdisTapi - ok
22:39:10.0133 6048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:10.0227 6048 Ndisuio - ok
22:39:10.0243 6048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:10.0243 6048 NdisWan - ok
22:39:10.0243 6048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:39:10.0289 6048 NDProxy - ok
22:39:10.0321 6048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:39:10.0321 6048 NetBIOS - ok
22:39:10.0352 6048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:39:10.0352 6048 NetBT - ok
22:39:10.0367 6048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:39:10.0367 6048 Netlogon - ok
22:39:10.0399 6048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:39:10.0414 6048 Netman - ok
22:39:10.0445 6048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:10.0508 6048 NetMsmqActivator - ok
22:39:10.0508 6048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:10.0508 6048 NetPipeActivator - ok
22:39:10.0523 6048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:39:10.0539 6048 netprofm - ok
22:39:10.0539 6048 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:10.0539 6048 NetTcpActivator - ok
22:39:10.0711 6048 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
22:39:10.0804 6048 NETwNs64 - ok
22:39:10.0820 6048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:39:10.0820 6048 nfrd960 - ok
22:39:10.0851 6048 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:39:10.0867 6048 NlaSvc - ok
22:39:10.0991 6048 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
22:39:11.0007 6048 NOBU - ok
22:39:11.0023 6048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:39:11.0023 6048 Npfs - ok
22:39:11.0038 6048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:39:11.0038 6048 nsi - ok
22:39:11.0085 6048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:39:11.0085 6048 nsiproxy - ok
22:39:11.0132 6048 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:39:11.0194 6048 Ntfs - ok
22:39:11.0225 6048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:39:11.0225 6048 Null - ok
22:39:11.0257 6048 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
22:39:11.0303 6048 nusb3hub - ok
22:39:11.0335 6048 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:39:11.0381 6048 nusb3xhc - ok

Continued...

deshojo
2012-09-04, 22:41
22:39:11.0413 6048 [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:39:11.0506 6048 NVHDA - ok
22:39:11.0756 6048 [ D5DEA2C1865CAB9EE6AA29CF9E79A2CE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:39:11.0959 6048 nvlddmkm - ok
22:39:12.0005 6048 [ 5EF70F7714C664BCF50EDFC141DEA9B8 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
22:39:12.0083 6048 nvpciflt - ok
22:39:12.0099 6048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:39:12.0177 6048 nvraid - ok
22:39:12.0208 6048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:39:12.0208 6048 nvstor - ok
22:39:12.0239 6048 [ 9E01B716C8085F7ADB1CDC10103CEEF8 ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
22:39:12.0239 6048 NvStUSB - ok
22:39:12.0286 6048 [ 5A4AF8EA634B4FEEAF6F16BB1845715A ] NVSvc C:\Windows\system32\nvvsvc.exe
22:39:12.0317 6048 NVSvc - ok
22:39:12.0427 6048 [ 4B7636C52A359AB0783B350A5FBDBB49 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:39:12.0442 6048 nvUpdatusService - ok
22:39:12.0458 6048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:39:12.0458 6048 nv_agp - ok
22:39:12.0489 6048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:39:12.0489 6048 ohci1394 - ok
22:39:12.0614 6048 [ 9BFD0A072459782E3638362A4473E283 ] OS Selector C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
22:39:12.0645 6048 OS Selector - ok
22:39:12.0707 6048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:39:12.0707 6048 p2pimsvc - ok
22:39:12.0739 6048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:39:12.0754 6048 p2psvc - ok
22:39:12.0770 6048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:39:12.0770 6048 Parport - ok
22:39:12.0801 6048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:39:12.0848 6048 partmgr - ok
22:39:12.0863 6048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:39:12.0863 6048 PcaSvc - ok
22:39:12.0895 6048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:39:12.0895 6048 pci - ok
22:39:12.0910 6048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:39:12.0910 6048 pciide - ok
22:39:12.0941 6048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:39:12.0941 6048 pcmcia - ok
22:39:12.0988 6048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:39:13.0004 6048 pcw - ok
22:39:13.0035 6048 [ 8570C04D9DBFDDD2CCF655DEB4D84715 ] PDFsFilter C:\Windows\system32\DRIVERS\PDFsFilter.sys
22:39:13.0035 6048 PDFsFilter - ok
22:39:13.0066 6048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:39:13.0066 6048 PEAUTH - ok
22:39:13.0144 6048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:39:13.0160 6048 PerfHost - ok
22:39:13.0238 6048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:39:13.0269 6048 pla - ok
22:39:13.0347 6048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:39:13.0363 6048 PlugPlay - ok
22:39:13.0378 6048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:39:13.0394 6048 PNRPAutoReg - ok
22:39:13.0409 6048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:39:13.0409 6048 PNRPsvc - ok
22:39:13.0441 6048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:39:13.0519 6048 PolicyAgent - ok
22:39:13.0550 6048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:39:13.0565 6048 Power - ok
22:39:13.0581 6048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:39:13.0675 6048 PptpMiniport - ok
22:39:13.0690 6048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:39:13.0690 6048 Processor - ok
22:39:13.0737 6048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:39:13.0737 6048 ProfSvc - ok
22:39:13.0784 6048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:39:13.0784 6048 ProtectedStorage - ok
22:39:13.0799 6048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:39:13.0799 6048 Psched - ok
22:39:13.0831 6048 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:39:13.0909 6048 PxHlpa64 - ok
22:39:13.0955 6048 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys
22:39:13.0955 6048 qicflt - ok
22:39:14.0018 6048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:39:14.0049 6048 ql2300 - ok
22:39:14.0065 6048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:39:14.0065 6048 ql40xx - ok
22:39:14.0111 6048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:39:14.0127 6048 QWAVE - ok
22:39:14.0143 6048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:39:14.0143 6048 QWAVEdrv - ok
22:39:14.0158 6048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:39:14.0158 6048 RasAcd - ok
22:39:14.0174 6048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:39:14.0174 6048 RasAgileVpn - ok
22:39:14.0205 6048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:39:14.0221 6048 RasAuto - ok
22:39:14.0252 6048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:39:14.0252 6048 Rasl2tp - ok
22:39:14.0283 6048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:39:14.0392 6048 RasMan - ok
22:39:14.0408 6048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:39:14.0408 6048 RasPppoe - ok
22:39:14.0423 6048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:39:14.0423 6048 RasSstp - ok
22:39:14.0439 6048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:39:14.0470 6048 rdbss - ok
22:39:14.0486 6048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:39:14.0486 6048 rdpbus - ok
22:39:14.0501 6048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:39:14.0501 6048 RDPCDD - ok
22:39:14.0501 6048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:39:14.0501 6048 RDPENCDD - ok
22:39:14.0517 6048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:39:14.0517 6048 RDPREFMP - ok
22:39:14.0564 6048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:39:14.0626 6048 RDPWD - ok
22:39:14.0657 6048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:39:14.0657 6048 rdyboost - ok
22:39:14.0720 6048 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:39:14.0735 6048 RegSrvc - ok
22:39:14.0798 6048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:39:14.0813 6048 RemoteAccess - ok
22:39:14.0845 6048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:39:14.0845 6048 RemoteRegistry - ok
22:39:14.0876 6048 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:39:14.0891 6048 RFCOMM - ok
22:39:14.0985 6048 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
22:39:15.0063 6048 RoxMediaDB12OEM - ok
22:39:15.0079 6048 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
22:39:15.0079 6048 RoxWatch12 - ok
22:39:15.0110 6048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:39:15.0125 6048 RpcEptMapper - ok
22:39:15.0157 6048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:39:15.0157 6048 RpcLocator - ok
22:39:15.0172 6048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:39:15.0188 6048 RpcSs - ok
22:39:15.0219 6048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:39:15.0219 6048 rspndr - ok
22:39:15.0250 6048 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:39:15.0313 6048 RTL8167 - ok
22:39:15.0328 6048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:39:15.0344 6048 SamSs - ok
22:39:15.0344 6048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:39:15.0422 6048 sbp2port - ok
22:39:15.0453 6048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:39:15.0453 6048 SCardSvr - ok
22:39:15.0469 6048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:39:15.0547 6048 scfilter - ok
22:39:15.0578 6048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:39:15.0578 6048 Schedule - ok
22:39:15.0609 6048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:39:15.0609 6048 SCPolicySvc - ok
22:39:15.0640 6048 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:39:15.0703 6048 sdbus - ok
22:39:15.0734 6048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:39:15.0827 6048 SDRSVC - ok
22:39:15.0859 6048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:39:15.0859 6048 secdrv - ok
22:39:15.0874 6048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:39:15.0952 6048 seclogon - ok
22:39:15.0983 6048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:39:15.0983 6048 SENS - ok
22:39:15.0983 6048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:39:15.0983 6048 SensrSvc - ok
22:39:15.0999 6048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:39:15.0999 6048 Serenum - ok
22:39:16.0015 6048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:39:16.0015 6048 Serial - ok
22:39:16.0030 6048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:39:16.0030 6048 sermouse - ok
22:39:16.0077 6048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:39:16.0124 6048 SessionEnv - ok
22:39:16.0139 6048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:39:16.0155 6048 sffdisk - ok
22:39:16.0155 6048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:39:16.0155 6048 sffp_mmc - ok
22:39:16.0171 6048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:39:16.0202 6048 sffp_sd - ok
22:39:16.0217 6048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:39:16.0217 6048 sfloppy - ok
22:39:16.0264 6048 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:39:16.0280 6048 SftService - ok
22:39:16.0358 6048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:39:16.0389 6048 SharedAccess - ok
22:39:16.0436 6048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:39:16.0483 6048 ShellHWDetection - ok
22:39:16.0514 6048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:39:16.0514 6048 SiSRaid2 - ok
22:39:16.0529 6048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:39:16.0529 6048 SiSRaid4 - ok
22:39:16.0576 6048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:39:16.0592 6048 Smb - ok
22:39:16.0639 6048 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
22:39:16.0701 6048 snapman - ok
22:39:16.0732 6048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:39:16.0732 6048 SNMPTRAP - ok
22:39:16.0779 6048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:39:16.0779 6048 spldr - ok
22:39:16.0841 6048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:39:16.0857 6048 Spooler - ok
22:39:16.0951 6048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:39:16.0982 6048 sppsvc - ok
22:39:17.0029 6048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:39:17.0044 6048 sppuinotify - ok
22:39:17.0091 6048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:39:17.0153 6048 srv - ok
22:39:17.0185 6048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:39:17.0247 6048 srv2 - ok
22:39:17.0263 6048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:39:17.0341 6048 srvnet - ok
22:39:17.0372 6048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:39:17.0372 6048 SSDPSRV - ok
22:39:17.0387 6048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:39:17.0387 6048 SstpSvc - ok
22:39:17.0419 6048 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
22:39:17.0465 6048 stdcfltn - ok
22:39:17.0512 6048 [ 79969ACAEEBEDA7DC3673656AB9918FD ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:39:17.0512 6048 Stereo Service - ok
22:39:17.0575 6048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:39:17.0590 6048 stexstor - ok
22:39:17.0621 6048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:39:17.0653 6048 stisvc - ok
22:39:17.0684 6048 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:39:17.0699 6048 stllssvr - ok
22:39:17.0715 6048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:39:17.0731 6048 swenum - ok
22:39:17.0777 6048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:39:17.0809 6048 swprv - ok
22:39:17.0855 6048 [ B0C7D4DCF4800DF2F2145B500D0161E8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:39:17.0918 6048 SynTP - ok
22:39:17.0949 6048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:39:17.0980 6048 SysMain - ok
22:39:17.0996 6048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:39:18.0027 6048 TabletInputService - ok
22:39:18.0043 6048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:39:18.0136 6048 TapiSrv - ok
22:39:18.0152 6048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:39:18.0167 6048 TBS - ok
22:39:18.0230 6048 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:39:18.0261 6048 Tcpip - ok
22:39:18.0277 6048 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:39:18.0292 6048 TCPIP6 - ok
22:39:18.0323 6048 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:39:18.0323 6048 tcpipreg - ok
22:39:18.0339 6048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:39:18.0339 6048 TDPIPE - ok
22:39:18.0386 6048 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
22:39:18.0448 6048 tdrpman273 - ok
22:39:18.0464 6048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:39:18.0464 6048 TDTCP - ok
22:39:18.0495 6048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:39:18.0495 6048 tdx - ok
22:39:18.0511 6048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:39:18.0511 6048 TermDD - ok
22:39:18.0589 6048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:39:18.0589 6048 TermService - ok
22:39:18.0604 6048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:39:18.0604 6048 Themes - ok
22:39:18.0635 6048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:39:18.0635 6048 THREADORDER - ok
22:39:18.0698 6048 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys
22:39:18.0823 6048 timounter - ok
22:39:18.0838 6048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:39:18.0838 6048 TrkWks - ok
22:39:18.0885 6048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:39:18.0901 6048 TrustedInstaller - ok
22:39:18.0932 6048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:39:18.0932 6048 tssecsrv - ok
22:39:18.0947 6048 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:39:19.0010 6048 TsUsbFlt - ok
22:39:19.0041 6048 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:39:19.0088 6048 TsUsbGD - ok
22:39:19.0103 6048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:39:19.0103 6048 tunnel - ok
22:39:19.0119 6048 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
22:39:19.0213 6048 TurboB - ok
22:39:19.0259 6048 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
22:39:19.0353 6048 TurboBoost - ok
22:39:19.0384 6048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:39:19.0384 6048 uagp35 - ok
22:39:19.0415 6048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:39:19.0431 6048 udfs - ok
22:39:19.0462 6048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:39:19.0462 6048 UI0Detect - ok
22:39:19.0493 6048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:39:19.0493 6048 uliagpkx - ok
22:39:19.0509 6048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:39:19.0556 6048 umbus - ok
22:39:19.0556 6048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:39:19.0556 6048 UmPass - ok
22:39:19.0681 6048 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:39:19.0712 6048 UNS - ok
22:39:19.0727 6048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:39:19.0727 6048 upnphost - ok
22:39:19.0774 6048 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:39:19.0774 6048 usbccgp - ok
22:39:19.0805 6048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:39:19.0821 6048 usbcir - ok
22:39:19.0837 6048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:39:19.0930 6048 usbehci - ok
22:39:19.0961 6048 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:39:19.0977 6048 usbhub - ok
22:39:19.0993 6048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:39:20.0055 6048 usbohci - ok
22:39:20.0071 6048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:39:20.0071 6048 usbprint - ok
22:39:20.0102 6048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:39:20.0102 6048 USBSTOR - ok
22:39:20.0133 6048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:39:20.0195 6048 usbuhci - ok
22:39:20.0211 6048 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:39:20.0273 6048 usbvideo - ok
22:39:20.0305 6048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:39:20.0320 6048 UxSms - ok
22:39:20.0336 6048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:39:20.0336 6048 VaultSvc - ok
22:39:20.0367 6048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:39:20.0367 6048 vdrvroot - ok
22:39:20.0383 6048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:39:20.0383 6048 vds - ok
22:39:20.0414 6048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:39:20.0414 6048 vga - ok
22:39:20.0414 6048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:39:20.0414 6048 VgaSave - ok
22:39:20.0445 6048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:39:20.0523 6048 vhdmp - ok
22:39:20.0523 6048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:39:20.0523 6048 viaide - ok
22:39:20.0554 6048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:39:20.0632 6048 volmgr - ok
22:39:20.0663 6048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:39:20.0663 6048 volmgrx - ok
22:39:20.0679 6048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:39:20.0695 6048 volsnap - ok
22:39:20.0710 6048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:39:20.0726 6048 vsmraid - ok
22:39:20.0773 6048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:39:20.0851 6048 VSS - ok
22:39:20.0866 6048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:39:20.0866 6048 vwifibus - ok
22:39:20.0882 6048 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:39:20.0897 6048 vwififlt - ok
22:39:20.0929 6048 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:39:20.0929 6048 vwifimp - ok
22:39:20.0975 6048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:39:20.0991 6048 W32Time - ok
22:39:21.0069 6048 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
22:39:21.0116 6048 W3SVC - ok
22:39:21.0147 6048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:39:21.0147 6048 WacomPen - ok
22:39:21.0178 6048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:39:21.0272 6048 WANARP - ok
22:39:21.0272 6048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:39:21.0303 6048 Wanarpv6 - ok
22:39:21.0319 6048 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
22:39:21.0319 6048 WAS - ok
22:39:21.0397 6048 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:39:21.0459 6048 WatAdminSvc - ok
22:39:21.0537 6048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:39:21.0599 6048 wbengine - ok
22:39:21.0615 6048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:39:21.0615 6048 WbioSrvc - ok
22:39:21.0646 6048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:39:21.0662 6048 wcncsvc - ok
22:39:21.0677 6048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:39:21.0677 6048 WcsPlugInService - ok
22:39:21.0709 6048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:39:21.0709 6048 Wd - ok
22:39:21.0755 6048 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:39:21.0755 6048 Wdf01000 - ok
22:39:21.0787 6048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:39:21.0802 6048 WdiServiceHost - ok
22:39:21.0818 6048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:39:21.0818 6048 WdiSystemHost - ok
22:39:21.0849 6048 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
22:39:21.0849 6048 wdkmd - ok
22:39:21.0896 6048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:39:21.0974 6048 WebClient - ok
22:39:22.0005 6048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:39:22.0021 6048 Wecsvc - ok
22:39:22.0036 6048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:39:22.0036 6048 wercplsupport - ok
22:39:22.0052 6048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:39:22.0052 6048 WerSvc - ok
22:39:22.0067 6048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:39:22.0067 6048 WfpLwf - ok
22:39:22.0099 6048 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:39:22.0192 6048 WimFltr - ok
22:39:22.0223 6048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:39:22.0223 6048 WIMMount - ok
22:39:22.0239 6048 WinDefend - ok
22:39:22.0239 6048 WinHttpAutoProxySvc - ok
22:39:22.0301 6048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:39:22.0317 6048 Winmgmt - ok
22:39:22.0395 6048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:39:22.0457 6048 WinRM - ok
22:39:22.0489 6048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:39:22.0567 6048 WinUsb - ok
22:39:22.0598 6048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:39:22.0613 6048 Wlansvc - ok
22:39:22.0645 6048 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:39:22.0645 6048 wlcrasvc - ok
22:39:22.0754 6048 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:39:22.0769 6048 wlidsvc - ok
22:39:22.0785 6048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:39:22.0785 6048 WmiAcpi - ok
22:39:22.0816 6048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:39:22.0832 6048 wmiApSrv - ok
22:39:22.0847 6048 WMPNetworkSvc - ok
22:39:22.0894 6048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:39:22.0910 6048 WPCSvc - ok
22:39:22.0925 6048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:39:22.0925 6048 WPDBusEnum - ok
22:39:22.0957 6048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:39:22.0957 6048 ws2ifsl - ok
22:39:22.0972 6048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:39:22.0988 6048 wscsvc - ok
22:39:22.0988 6048 WSearch - ok
22:39:23.0097 6048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:39:23.0128 6048 wuauserv - ok
22:39:23.0144 6048 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:39:23.0144 6048 WudfPf - ok
22:39:23.0159 6048 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:39:23.0206 6048 WUDFRd - ok
22:39:23.0237 6048 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:39:23.0284 6048 wudfsvc - ok
22:39:23.0300 6048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:39:23.0300 6048 WwanSvc - ok
22:39:23.0331 6048 ================ Scan global ===============================
22:39:23.0393 6048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:39:23.0425 6048 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:39:23.0440 6048 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:39:23.0471 6048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:39:23.0503 6048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:39:23.0518 6048 [Global] - ok
22:39:23.0518 6048 ================ Scan MBR ==================================
22:39:23.0534 6048 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:39:24.0407 6048 \Device\Harddisk0\DR0 - ok
22:39:24.0407 6048 ================ Scan VBR ==================================
22:39:24.0439 6048 [ 22D33FF05C396476FAB289E7BF717E00 ] \Device\Harddisk0\DR0\Partition1
22:39:24.0439 6048 \Device\Harddisk0\DR0\Partition1 - ok
22:39:24.0454 6048 [ F7B8F03210B18622D492CEEE0C8DF4AB ] \Device\Harddisk0\DR0\Partition2
22:39:24.0470 6048 \Device\Harddisk0\DR0\Partition2 - ok
22:39:24.0470 6048 ============================================================
22:39:24.0470 6048 Scan finished
22:39:24.0470 6048 ============================================================
22:39:24.0485 6856 Detected object count: 0
22:39:24.0485 6856 Actual detected object count: 0
22:41:49.0441 9016 Deinitialize success

torreattack
2012-09-05, 13:29
Hi Matt:


I will uncheck the registry altering elements within the program on your advice.
1. Since you have decided to keep it, I want you to stop using it until we finish, is that ok?


[2012/08/23 01:09:20 | 000,010,788 | ---- | C] () -- C:\Users\Public\Documents\cc_20120823_010913.reg
[2012/08/20 16:22:04 | 000,000,920 | ---- | C] () -- C:\Users\Public\Documents\cc_20120820_162155.reg
[2012/08/20 01:47:54 | 000,026,288 | ---- | C] () -- C:\Users\Public\Documents\cc_20120820_014748.reg
2. Were you using CCleaner on 20/08/2012 and 23/08/2012?

3. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
Copy the following text... do not include the quote box title "Quote".

:OTL
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
[2012/08/09 14:11:53 | 000,384,844 | ---- | C] () -- C:\Users\Admin\AppData\Local\funmoods-speeddial.crx

:Files
ipconfig /flushdns /c

:Commands
[EmptyTemp]
[CreateRestorePoint]

Click under the Custom Scan/Fixes box and paste the copied text.
Click the Run Fix button. If prompted... click OK.
When the scan completes, Notepad will open with the scan results.
Please post the contents of the report in your next reply.
Note: the OTL fix log is located at c:\_OTL\MovedFiles with the name format MMDDYYYY_HHMMSS.log.



My concern is that my computer activity is being monitored by someone (possibly someone I know),
not necessarily for overtly malicious purposes, but nonetheless it would be most unwelcome if this were the case.
4. Your logs looked clean, but I may be wrong. What made you think you are infected?

What are the symptoms that make you think you are infected? Any redirection, strange sounds or files, hacked email, pop-ups?
Since when has this incident been happening?
How does the guy monitor you? By a keylogger or a remote connection?


Let's try to scan with another tool.
5. ComboFix
Please download ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download sites: Mirror #2 (http://www.forospyware.com/sUBs/ComboFix.exe) or Mirror #3 (http://subs.geekstogo.com/ComboFix.exe)

If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

This program is a powerful tool, intended by its creator to be "used under the guidance and supervision of trained malware removers".
Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!

The first thing you need to do is print out How-To-Use-ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix). Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
Press Yes to the Disclaimer prompt.
ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
If not already installed... Press Yes to the "Install Recovery Console" prompt.
Press Yes at the Recovery Console installation results prompt... Even if unsuccessful, have ComboFix continue the scan.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings... this is normal, so don't worry. They will be restored when finished. The ComboFix window data will be changing with various "Stages"... completed. When finished the screen will show that a log is being created.
ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer (http://img.photobucket.com/albums/v666/sUBs/New_Disclaimer_090525.gif).
** Enable your Antivirus and Firewall, before connecting to the Internet again! **


Thank you,
torreattack

deshojo
2012-09-06, 02:09
Hi Torreattack,

1. I will not be using System Mechanic for registry cleaning/maintenance purposes again (nor any other registry cleaner), but it does have a number of other non-registry functions which may be useful. However, I have disabled all automated tasks, and will not use it at all until we are finished.

2. Yes, I did use CCleaner during that period, in an attempt to clear out what I felt was a suspicious program (Freecorder). I had it back up the registry before any fixes. Again, I will not use it now, and will uninstall it after we are done.

3. OTL Log posted below.

4. This is a rather complicated matter, and there's only so much I wish to say on a public forum (I would be happy to expand in a PM if you wish), but the person concerned is very conversant with Windows and anti-malware programs.
I found rootkits installed on both hard drives of a previous computer which I had taken to him for replacement of failed hardware about 2 years ago. I then checked some software he had given me on CDs and found numerous trojans and keyloggers.
A friend of his recently let slip that he was aware of me using the internet at various times during a weekend when I had told him I would be away from home (about 6 weeks ago).
I had suspected redirects from about 2 weeks ago, as I was finding a lot of very "graphically generic" looking websites, with plain "blocky" looking headers and lots of dodgy looking "download this file now" links. I'm sure you know what I mean when I say they just didn't look or feel right. It may be paranoia, but I've seen those types of pages before and I found redirects then.
I suspect some sort of remote interaction, hence my trying to remove any aids to remote connection, disabling such services. I also completely uninstalled Office 2010, as it seemed rife with "sharing" systems.
I downloaded Malwarebytes a couple of weeks ago and it found a number of problems; I could post the log from that scan if it would help.

5. ComboFix scan results posted below as requested.

Best regards,

Deshojo.


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\ssv.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Admin\AppData\Local\funmoods-speeddial.crx moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 27195 bytes
->Temporary Internet Files folder emptied: 30085273 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 694 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Matt
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 23820016 bytes
->Java cache emptied: 593458 bytes
->Flash cache emptied: 57795 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 314816 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.60.0 log created on 09052012_232201

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

deshojo
2012-09-06, 02:10
ComboFix 12-09-05.02 - Admin 06/09/2012 0:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2666 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 22:22 . 2012-09-05 22:22 -------- d-----w- C:\_OTL
2012-09-04 11:44 . 2012-09-04 11:44 -------- d-----w- c:\users\DefaultAppPool
2012-08-31 22:19 . 2012-08-02 10:21 511328 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-08-31 22:19 . 2012-08-02 10:27 2154576 ----a-w- c:\windows\system32\Incinerator64.dll
2012-08-30 20:07 . 2012-08-30 20:07 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-08-30 20:07 . 2012-08-30 20:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-27 23:02 . 2012-08-27 23:02 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-08-27 23:02 . 2012-08-27 23:02 -------- d-----w- c:\windows\system32\BestPractices
2012-08-27 23:02 . 2012-08-27 23:02 -------- d-----w- C:\inetpub
2012-08-26 21:58 . 2012-08-26 22:04 -------- d-----w- c:\users\Matt\AppData\Local\Microsoft Help
2012-08-24 10:40 . 2012-08-24 10:40 -------- d-----w- c:\program files (x86)\ERUNT
2012-08-23 15:06 . 2012-08-23 15:06 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-21 12:38 . 2012-08-21 12:38 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2012-08-20 15:38 . 2012-08-20 15:38 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-08-20 15:38 . 2012-08-20 15:38 -------- d-----w- c:\programdata\Malwarebytes
2012-08-20 15:38 . 2012-08-20 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-20 15:38 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 11:05 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-19 15:37 . 2012-08-19 15:41 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Games
2012-08-16 13:04 . 2012-08-20 09:53 -------- d-----w- c:\users\Admin\AppData\Local\Diagnostics
2012-08-09 13:16 . 2012-08-09 13:16 -------- d-----w- c:\users\Admin\AppData\Local\Freecorder 6 Video
2012-08-09 13:15 . 2012-08-09 13:15 -------- d-----w- c:\users\Admin\AppData\Roaming\Freecorder 6 Video
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 11:00 . 2011-09-03 17:34 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-19 02:31 . 2012-05-15 11:22 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-19 02:31 . 2011-05-31 18:05 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-22 14:46 . 2012-06-22 14:47 18944 ----a-w- c:\windows\system\LFMAC70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 81946 ----a-w- c:\windows\SysWow64\vb5ko.dll
2012-06-22 14:46 . 2012-06-22 14:47 81920 ----a-w- c:\windows\system\capi2032.dll
2012-06-22 14:46 . 2012-06-22 14:47 24064 ----a-w- c:\windows\system\LFEPS70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 996872 ----a-w- c:\windows\system\CP3240MT.DLL
2012-06-22 14:46 . 2012-06-22 14:47 34304 ----a-w- c:\windows\system\lfbmp10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 135168 ----a-w- c:\windows\SysWow64\ParaSaver.scr
2012-06-22 14:46 . 2012-06-22 14:47 89600 ----a-w- c:\windows\SysWow64\lfjbg12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 73216 ----a-w- c:\windows\SysWow64\lffax12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 297472 ----a-w- c:\windows\system\ltkrn10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 995383 ----a-w- c:\windows\system\Mfc42.dll
2012-06-22 14:46 . 2012-06-22 14:47 258560 ----a-w- c:\windows\system\LTDIS12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 258560 ----a-w- c:\windows\SysWow64\LTDIS12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 212480 ----a-w- c:\windows\system\Pcdlib32.dll
2012-06-22 14:46 . 2012-06-22 14:47 600576 ----a-w- c:\windows\system\LTWRP10N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 933888 ----a-w- c:\windows\system\MFC40.DLL
2012-06-22 14:46 . 2012-06-22 14:47 388608 ----a-w- c:\windows\system\ltkrn12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 55808 ----a-w- c:\windows\system\LFFAX70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 35328 ----a-w- c:\windows\system\LFFPX70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 32768 ----a-w- c:\windows\system\LFGIF70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 306688 ----a-w- c:\windows\system\Lffpx7.dll
2012-06-22 14:46 . 2012-06-22 14:47 27136 ----a-w- c:\windows\system\lfimg10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 26112 ----a-w- c:\windows\system\LFICA70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 20480 ----a-w- c:\windows\system\LFIMG70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 388608 ----a-w- c:\windows\SysWow64\ltkrn12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 172032 ----a-w- c:\windows\SysWow64\SpotSaver.scr
2012-06-22 14:46 . 2012-06-22 14:47 20480 ----a-w- c:\windows\system\LFWPG70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 31232 ----a-w- c:\windows\system\lflmb10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 28672 ----a-w- c:\windows\system\LFLMA70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 248832 ----a-w- c:\windows\system\LFJ2K12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 19456 ----a-w- c:\windows\system\lfmsp12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 141824 ----a-w- c:\windows\system\lftif12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 61440 ----a-w- c:\windows\system\BPEnhan.dll
2012-06-22 14:46 . 2012-06-22 14:47 29952 ----a-w- c:\windows\system\BORLNDMM.DLL
2012-06-22 14:46 . 2012-06-22 14:47 27136 ----a-w- c:\windows\system\lfcal10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 24576 ----a-w- c:\windows\system\LFBMP70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 17920 ----a-w- c:\windows\system\LFAVI70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 19456 ----a-w- c:\windows\SysWow64\lfmsp12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 248832 ----a-w- c:\windows\SysWow64\LFJ2K12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 20992 ----a-w- c:\windows\SysWow64\lfimg12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 141824 ----a-w- c:\windows\SysWow64\lftif12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 93184 ----a-w- c:\windows\system\LFTIF70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 18944 ----a-w- c:\windows\system\LFWFX70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 33280 ----a-w- c:\windows\system\lfpcx10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 31232 ----a-w- c:\windows\system\lfpct10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 24576 ----a-w- c:\windows\system\LFPCX70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 24064 ----a-w- c:\windows\system\LFPCT70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 22016 ----a-w- c:\windows\system\LFPSD70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 20992 ----a-w- c:\windows\system\LFTGA70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 19456 ----a-w- c:\windows\system\LFRAS70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 19456 ----a-w- c:\windows\system\LFPCD70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 19456 ----a-w- c:\windows\system\LFMSP70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 122368 ----a-w- c:\windows\system\lftif10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 111104 ----a-w- c:\windows\system\LFPNG70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 55296 ----a-w- c:\windows\system\LTFIL70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 350208 ----a-w- c:\windows\system\LTKRN70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 165888 ----a-w- c:\windows\system\img12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 130048 ----a-w- c:\windows\system\ltfil12n.DLL
2012-06-22 14:46 . 2012-06-22 14:47 117760 ----a-w- c:\windows\system\img10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 95232 ----a-w- c:\windows\system\Lfkodak.dll
2012-06-22 14:46 . 2012-06-22 14:47 165888 ----a-w- c:\windows\SysWow64\ltimg12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 130048 ----a-w- c:\windows\SysWow64\ltfil12n.DLL
2012-06-22 14:46 . 2012-06-22 14:47 30720 ----a-w- c:\windows\SysWow64\lfbmp12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 28160 ----a-w- c:\windows\system\lfwmf10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 228864 ----a-w- c:\windows\system\LTDIS10N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 25600 ----a-w- c:\windows\system\lfmac10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 25088 ----a-w- c:\windows\system\LFLMB70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 32256 ----a-w- c:\windows\SysWow64\lflmb12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 77824 ----a-w- c:\windows\system\lffax10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 240640 ----a-w- c:\windows\system\LFDIC10N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 341504 ----a-w- c:\windows\system\LFCMP12n.DLL
2012-06-22 14:46 . 2012-06-22 14:47 224768 ----a-w- c:\windows\system\LFCMP70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 341504 ----a-w- c:\windows\SysWow64\LFCMP12n.DLL
2012-06-22 14:46 . 2012-06-22 14:47 49664 ----a-w- c:\windows\SysWow64\Lfwmf12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 266752 ----a-w- c:\windows\system\LFCMP10N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 19968 ----a-w- c:\windows\system\LFCAL70N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 103424 ----a-w- c:\windows\system\fil10N.DLL
2012-06-22 14:46 . 2012-06-22 14:47 26624 ----a-w- c:\windows\SysWow64\lfpcx12n.dll
2012-06-22 14:46 . 2012-06-22 14:47 266293 ----a-w- c:\windows\system\Msvcrt.dll
2012-06-22 14:46 . 2012-06-22 14:47 70656 ----a-w- c:\windows\system\MSVCIRT.DLL
2012-06-22 14:46 . 2012-06-22 14:47 344064 ----a-w- c:\windows\system\MSVCRT40.DLL
2012-06-22 14:46 . 2012-06-22 14:47 35840 ----a-w- c:\windows\system\lflma10N.dll
2012-06-22 14:46 . 2012-06-22 14:47 176128 ----a-w- c:\windows\SysWow64\PuzzSaver.scr
2012-06-09 05:43 . 2012-07-11 10:00 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-09-27 285280]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-12 155752]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2010-12-12 121960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1255736]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-27 3246040]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]
R4 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-19 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-09-27 1263200]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-08-02 30752]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-08-02 1027792]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ioloSGuardDriver
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-07-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-06 00:14:38
ComboFix-quarantined-files.txt 2012-09-05 23:14
.
Pre-Run: 480,403,283,968 bytes free
Post-Run: 480,250,761,216 bytes free
.
- - End Of File - - 6671EF699A9F5A8216CA5227B4DA9D84

torreattack
2012-09-06, 13:54
Hi Matt :


This is a rather complicated matter, and there's only so much I wish to say on a public forum ( I would be happy to expand in a PM if you wish.)
Yes, you may. I need more information to decide.


[2012/08/09 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Freecorder 6 Video
[2012/08/09 14:15:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Freecorder 6 Video
[2012/08/09 14:15:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Freecorder
These three lines show that Freecorder was not completely removed yet.


[2012/08/27 20:39:09 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp
Default.rdp is a file that is created upon using the, "Remote Desktop Connection" application in Windows.
You or somebody might have used this service on 27/8/2012.
More detail here: http://support.microsoft.com/kb/186607/en-us


BTW, your computer logs showed that you had been infected by Adware.Funmoods on 9/8/2012.

Please run this scan.
CKScanner
Please download CKScanner from Here (http://downloads.malwareremoval.com/CKScanner.exe)
Important: - Save it to your desktop.
Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program only once.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Thank you,
torreattack
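The OTL-style entries quoted in this post can be checked mechanically for leftovers of a removed product and for the Remote Desktop artifact. This parser is an added example, not code from the thread or from OTL; the field layout (date and time, size, RHSD attribute flags, C for created or M for modified, an optional vendor in parentheses, then the path) is assumed from the quoted lines.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Assumed layout: [date time | size | RHSD flags | C or M] (vendor) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)

@dataclass
class Entry:
    timestamp: datetime
    size: int
    is_dir: bool
    hidden: bool
    event: str  # "created" or "modified"
    path: str

def parse_entry(line):
    """Parse one OTL-style file entry; return None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        is_dir=m["attrs"][3] == "D",   # fourth flag position is D for directory
        hidden=m["attrs"][1] == "H",   # second flag position is H for hidden
        event="created" if m["kind"] == "C" else "modified",
        path=m["path"],
    )

def parse_log(text):
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]

def find_leftovers(text, product):
    """Entries whose path still names a product that was supposedly uninstalled."""
    return [e for e in parse_log(text) if product.lower() in e.path.lower()]

def find_rdp_artifacts(text):
    """Default.rdp entries: evidence that Remote Desktop Connection was launched."""
    return [e for e in parse_log(text) if e.path.lower().endswith("\\default.rdp")]

# Constructed sample: the three Freecorder lines and the Default.rdp line quoted above.
SAMPLE = """\
[2012/08/09 14:16:00 | 000,000,000 | ---D | C] -- C:\\Users\\Admin\\AppData\\Local\\Freecorder 6 Video
[2012/08/09 14:15:12 | 000,000,000 | ---D | C] -- C:\\Users\\Admin\\AppData\\Roaming\\Freecorder 6 Video
[2012/08/09 14:15:11 | 000,000,000 | ---D | C] -- C:\\Users\\Admin\\Documents\\Freecorder
[2012/08/27 20:39:09 | 000,000,000 | -H-- | M] () -- C:\\Users\\Admin\\Documents\\Default.rdp
"""
```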

deshojo
2012-09-06, 18:12
Hi Torreattack,

I sent you a PM.

I had suspected that it had not all been removed, that may explain the redirected feeling of recent websites.

I have not engaged (and never would) in any remote desktop activities. Is it possible that file could have been left by me simply investigating the rdp service, but not actually using it?

With reference to the files below, Capture One is my photo processing software. I had a licensed version, but lost the licence code when I wrote off a computer about a year ago.
Partlogic is a disk partitioning program I had hoped might help me recover the machine in question.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\matt\downloads\phase.one.capture.one.pro.v6.2.49045.multilingual.win64.cracked-eat (1).rar
c:\users\matt\downloads\phase.one.capture.one.pro.v6.2.49045.multilingual.win64.cracked-eat.rar
c:\users\matt\downloads\partlogic-0.7-iso\system\headers\sys\keygen.h
c:\users\matt\downloads\phase.one.capture.one.pro.v6.2.49045.multilingual.win64.cracked-eat (1)\phase.one.capture.one.pro.v6.2.49045.multilingual.win64.cracked-eat\setup.exe
c:\users\matt\downloads\phase.one.capture.one.pro.v6.2.49045.multilingual.win64.cracked-eat (1)\phase.one.capture.one.pro.v6.2.49045.multilingual.win64.cracked-eat\crack\eat.nfo
scanner sequence 3.EM.11.SNNAHF
----- EOF -----

torreattack
2012-09-09, 07:03
Hi deshojo :

Sorry for being late.

Spybot Forum Policy Notification


We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes. More info: http://forums.spybot.info/showpost.php?p=25290&postcount=4



Besides that, your computer issues are beyond the scope of this forum.

Your computer is very likely to have been compromised and there is no way that it can be trusted again.

A proper resolution will require physical access, so you should consider contacting a local, reliable computer repair shop. They may recommend that you have your computer (or all your computers) wiped and rebuilt, as well as resetting your router.

You should change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password) from a known clean computer not located on your premises and not use said passwords on your own computer(s) until the issue has been resolved.

Note: Do NOT change your passwords from this computer or this network as the attacker will be able to get all the new passwords and transaction records.


Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.


Good luck,
torreattack