Solved Possible Malware?

[JamesPCNoob]

Hi guys, I have been having trouble with my laptop since two weeks ago. First, I found a blue screen on my PC which I later restarted and Windows does not allow me to log on.. I had no choice other than performing a System Restore..

It has been all good till few days ago.. The speaker stopped working. My browsers (IE, Chrome, Opera) started failing me. I could visit some of the pages but not all (Google is one of them). I have Mcafee on my PC, and the firewall starts automatically switching off after a few minutes, whenever it's switched off I could not go on the Internet. Same case when I boot with safe mode +networking. Some programs like RealPlayer stopped working too and the speaker also died.. I done a lot of scanning but could not find anything (Mcafee, avast, malwarebytes, hitman, and a few other anti-malware based software that I can't even remember now.

I finally gave up and perform a System Restore again. And this time I could go on the Net as normal, speakers started working.. but the PC starts to hang up every 20 mins or so. I don't have the same problem when it's boot under safe mode + networking though.. Please help

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[JamesPCNoob]

Happy New Year Broni! Please see below logs.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.03.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Leong :: LEONG-PC [administrator]

Protection: Disabled

4/1/2014 8:57:05 AM
mbam-log-2014-01-04 (08-57-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 229035
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[JamesPCNoob]

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16447
Run by Leong at 9:00:58 on 2014-01-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.8074.5523 [GMT 3:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera_crashreporter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Windows\notepad.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=ae&l=ar&s=gen
uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=ae&l=ar&s=gen
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120914063142.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 172.20.0.1
TCP: Interfaces\{0078F24E-9339-444C-9997-6AAABD586D9A} : DHCPNameServer = 172.20.0.1
TCP: Interfaces\{8DCD3E1F-BCA1-4352-936B-0E238B228057} : DHCPNameServer = 172.20.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120914063142.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-14 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 639216]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 281928]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-9-14 28992]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-9-14 22128]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-13 75672]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-9-14 208272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-9-14 158832]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-9-14 26504]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-14 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-14 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-29 25496]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 481376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-14 646248]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-9-14 24888]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-9-14 67184]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-3 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-3 207904]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-3 1034464]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-3 422216]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-14 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-3 78648]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-3 50344]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-18 135952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-11-12 196616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-14 13592]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-14 2439272]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-11 627936]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\WINDOWS\SysWOW64\irstrtsv.exe [2012-9-14 193536]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-14 161560]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-3 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-3 701512]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-9-14 197960]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2014-1-3 1922600]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2012-9-14 199272]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-9-14 1695040]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-25 382272]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-14 363800]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-3 79672]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 65128]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-9-14 176000]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-29 34232]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-14 331264]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-3 25928]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-9-14 224704]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 227856]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 98728]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-9-14 398144]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-9-14 340584]
S3 SmbDrvAMDASF;SmbDrvAMDASF;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-9-14 24888]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-03 19:01:39 -------- d-----w- C:\Emergency
2014-01-03 18:17:53 -------- d-----w- C:\Windows\SMINST
2014-01-03 14:27:13 -------- d-----w- C:\Program Files (x86)\HD Tune
2014-01-03 14:21:49 -------- d-----w- C:\Program Files\HitmanPro
2014-01-03 14:05:30 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-03 12:19:14 -------- d-----w- C:\Users\Leong\AppData\Local\ElevatedDiagnostics
2014-01-03 09:12:38 -------- d-----w- C:\Users\Leong\AppData\Local\Adobe
2014-01-03 09:00:19 -------- d-----w- C:\Program Files (x86)\dumps
2014-01-03 08:59:42 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-01-03 08:52:08 -------- d-----w- C:\Users\Leong\AppData\Roaming\AVAST Software
2014-01-03 08:51:14 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-01-03 08:51:11 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-03 08:51:10 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-03 08:51:09 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-03 08:51:01 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-03 08:50:59 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-03 08:50:45 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-03 08:50:03 -------- d-----w- C:\Program Files\AVAST Software
2014-01-03 08:49:23 -------- d-----w- C:\Users\Leong\AppData\Local\Opera Software
2014-01-03 08:49:22 -------- d-----w- C:\Users\Leong\AppData\Roaming\Opera Software
2014-01-03 08:49:00 -------- d-----w- C:\Users\Leong\AppData\Roaming\RealNetworks
2014-01-03 08:48:59 -------- d-----w- C:\ProgramData\AVAST Software
2014-01-03 08:48:04 -------- d-----w- C:\Program Files (x86)\RealNetworks
2014-01-03 08:47:48 -------- d-----w- C:\Program Files (x86)\PANDORA.TV
2014-01-03 08:47:47 -------- d-----w- C:\ProgramData\RealNetworks
2014-01-03 08:47:01 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2014-01-03 08:46:58 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2014-01-03 08:46:17 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-01-03 08:46:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-01-03 08:43:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-01-03 08:37:28 8537680 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2014-01-03 08:33:38 -------- d-----w- C:\Users\Leong\AppData\Roaming\Malwarebytes
2014-01-03 08:33:22 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-03 08:33:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-03 08:33:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 08:32:58 -------- d-----w- C:\Users\Leong\AppData\Local\Programs
2014-01-03 08:32:30 -------- d-----w- C:\Users\Leong\AppData\Local\Google
2014-01-03 08:31:53 -------- d-----w- C:\Users\Leong\AppData\Local\Apps
2014-01-03 08:31:51 -------- d-----w- C:\Users\Leong\AppData\Local\Deployment
2014-01-03 08:30:47 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2014-01-03 08:27:25 -------- d-----w- C:\Users\Leong\AppData\Roaming\Intel Corporation
2014-01-03 08:26:27 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-03 08:26:24 -------- d-----w- C:\Users\Leong\AppData\Local\VirtualStore
2014-01-03 08:23:01 -------- d-----w- C:\Users\Leong\AppData\Local\Absolute_Software
2014-01-03 08:22:54 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-12-13 11:03:43 -------- d-----w- C:\Program Files (x86)\Steam
.
==================== Find3M ====================
.
2014-01-03 09:59:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-03 09:59:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 9:01:09.98 ===============

 

[JamesPCNoob]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/1/2014 11:16:44 AM
System Uptime: 3/1/2014 5:08:56 PM (16 hours ago)
.
Motherboard: Dell Inc. | | 08HDPJ
Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz | U3E1 | 2394/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 395.723 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Revert
Device ID: ROOT\LEGACY_ASWRVRT\0000
Manufacturer:
Name: avast! Revert
PNP Device ID: ROOT\LEGACY_ASWRVRT\0000
Service: aswRvrt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! VM Monitor
Device ID: ROOT\LEGACY_ASWVMM\0000
Manufacturer:
Name: avast! VM Monitor
PNP Device ID: ROOT\LEGACY_ASWVMM\0000
Service: aswVmm
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Absolute Reminder
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) MUI
Advanced Audio FX Engine
avast! Free Antivirus
Bing Bar
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell Product Registration
Dell Support Center
Dell Touchpad
Dell Webcam Central
Dota 2
Google Chrome
Google Update Helper
HD Tune 2.55
HitmanPro 3.7
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Start Technology
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel(R) Wireless Music device driver
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Junk Mail filter update
KMP Service
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SecurityCenter
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
NVIDIA 3D Vision Driver 296.01
NVIDIA Control Panel 296.01
NVIDIA Graphics Driver 296.01
NVIDIA Install Application
NVIDIA Optimus 1.7.12
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.12
NVIDIA Update Components
Opera Stable 18.0.1284.68
Quickset64
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype™ 5.8
ST Microelectronics 3 Axis Digital Accelerometer Solution
Steam
The KMPlayer (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
4/1/2014 8:59:28 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/1/2014 1:49:11 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/1/2014 8:39:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/1/2014 8:38:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/1/2014 7:30:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
3/1/2014 5:14:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
3/1/2014 5:10:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2014 5:10:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
3/1/2014 5:10:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/1/2014 5:10:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/1/2014 5:10:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/1/2014 5:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/1/2014 5:10:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm discache spldr Wanarpv6
3/1/2014 4:55:40 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/1/2014 4:55:40 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
3/1/2014 4:52:50 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

 

[Broni]

You're running two AV programs, Avast and McAfee.
You must uninstall one of them.
If McAfee use this tool: https://www.techspot.com/downloads/5392-mcafee-software-uninstaller.html

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[JamesPCNoob]

Hi Broni,

I have uninstalled McAfee as you instructed. and the following is the RoqueKiller log.. Proceeding with the rest of the steps now.

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Leong [Admin rights]
Mode : Remove -- Date : 01/05/2014 00:02:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] McAfee Cleanup.job : C:\Users\Leong\AppData\Local\Temp\MCPR\mccleanup.exe - -p MFP,APPSTATS,Auth,EMproxy,FWdiver,McSvcHost,HW,MAS,MAT,MBK,MCPR,McProxy,VUL,MHN,MNA,MOBK,MPFP,MPFPCU,MPS,SHRED,MPSCU,MQC,MQCCU,MSAD,MSHR,MSK,MSKCU,MWL,NMC,RedirSvc,VS,MSC -silent -uipipe McAfeeCleanupUIMessagePipe9550 -s -silent [7][x][x][x][x][x][x][x][x] -> DELETED
[V2][SUSP PATH] McAfee Cleanup : C:\Users\Leong\AppData\Local\Temp\MCPR\mccleanup.exe - -p MFP,APPSTATS,Auth,EMproxy,FWdiver,McSvcHost,HW,MAS,MAT,MBK,MCPR,McProxy,VUL,MHN,MNA,MOBK,MPFP,MPFPCU,MPS,SHRED,MPSCU,MQC,MQCCU,MSAD,MSHR,MSK,MSKCU,MWL,NMC,RedirSvc,VS,MSC -silent -uipipe McAfeeCleanupUIMessagePipe6059 -s -silent [7][x][x][x][x][x][x][x][x] -> ERROR DELETING TASK

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ET5911R3HH9LPP +++++
--- User ---
[MBR] 5de1e94f0f3a8ebca73b2f6261702d33
[BSP] 379a86e276cbb30cc82cc66fe96d98cb : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 18686 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 38350848 | Size: 458210 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x57] The parameter is incorrect. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) FFS +++++
--- User ---
[MBR] c3564ef0f46f72296cc63dea0a6de1f4
[BSP] e86c94c2e97988bb3b54b6b98ee566dc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 2048 | Size: 8190 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x57] The parameter is incorrect. )

Finished : << RKreport[0]_D_01052014_000215.txt >>
RKreport[0]_S_01052014_000048.txt

 

[JamesPCNoob]

Broni, I ran MBAR and it detected a malware.. This is the first log:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Leong :: LEONG-PC [administrator]

5/1/2014 12:28:56 AM
mbar-log-2014-01-05 (00-28-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 247889
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

[JamesPCNoob]

Reboot and ran MBAR again and it came clean:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Leong :: LEONG-PC [administrator]

5/1/2014 12:52:38 AM
mbar-log-2014-01-05 (00-52-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 247972
Time elapsed: 29 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

[JamesPCNoob]

Here's the system log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8466526208, free: 5962031104

Downloaded database version: v2014.01.04.06
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/05/2014 00:10:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr2.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\ST_ACCEL.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\irstrtdv.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\hswpan.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\aswStm.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\System32\ntdll.dll
\WINDOWS\System32\smss.exe
\WINDOWS\System32\apisetschema.dll
\WINDOWS\System32\autochk.exe
\WINDOWS\System32\msvcrt.dll
\WINDOWS\System32\gdi32.dll
\WINDOWS\System32\kernel32.dll
\WINDOWS\System32\oleaut32.dll
\WINDOWS\System32\iertutil.dll
\WINDOWS\System32\urlmon.dll
\WINDOWS\System32\ole32.dll
\WINDOWS\System32\usp10.dll
\WINDOWS\System32\imm32.dll
\WINDOWS\System32\msctf.dll
\WINDOWS\System32\ws2_32.dll
\WINDOWS\System32\clbcatq.dll
\WINDOWS\System32\lpk.dll
\WINDOWS\System32\difxapi.dll
\WINDOWS\System32\comdlg32.dll
\WINDOWS\System32\rpcrt4.dll
\WINDOWS\System32\shlwapi.dll
\WINDOWS\System32\sechost.dll
\WINDOWS\System32\nsi.dll
\WINDOWS\System32\wininet.dll
\WINDOWS\System32\psapi.dll
\WINDOWS\System32\user32.dll
\WINDOWS\System32\shell32.dll
\WINDOWS\System32\normaliz.dll
\WINDOWS\System32\Wldap32.dll
\WINDOWS\System32\imagehlp.dll
\WINDOWS\System32\advapi32.dll
\WINDOWS\System32\setupapi.dll
\WINDOWS\System32\comctl32.dll
\WINDOWS\System32\wintrust.dll
\WINDOWS\System32\KernelBase.dll
\WINDOWS\System32\crypt32.dll
\WINDOWS\System32\cfgmgr32.dll
\WINDOWS\System32\devobj.dll
\WINDOWS\System32\msasn1.dll
\WINDOWS\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ff42060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80080f9050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ff41060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa80080f5050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ff41060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ff41b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ff41060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800fd88cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80080f5050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak --> [Forged file]
Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak
Infected: C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak --> [Unknown.Rootkit.Driver]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2922C300

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 38268928
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 38350848 Numsec = 938414080

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500105547264 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976748647-976768647)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ff42060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ff42ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ff42060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800fd88920, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80080f9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2922DEF9

Partition information:

Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 16773120

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8589934592 bytes
Sector size: 512 bytes

Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8466526208, free: 6081630208

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8466526208, free: 5947752448

Could not load protection driver
=======================================
Initializing...
------------ Kernel report ------------
01/05/2014 00:28:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr2.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\ST_ACCEL.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\irstrtdv.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\hswpan.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aswStm.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\System32\ntdll.dll
\WINDOWS\System32\smss.exe
\WINDOWS\System32\apisetschema.dll
\WINDOWS\System32\autochk.exe
\WINDOWS\System32\setupapi.dll
\WINDOWS\System32\shlwapi.dll
\WINDOWS\System32\clbcatq.dll
\WINDOWS\System32\ws2_32.dll
\WINDOWS\System32\rpcrt4.dll
\WINDOWS\System32\wininet.dll
\WINDOWS\System32\comdlg32.dll
\WINDOWS\System32\Wldap32.dll
\WINDOWS\System32\psapi.dll
\WINDOWS\System32\oleaut32.dll
\WINDOWS\System32\nsi.dll
\WINDOWS\System32\kernel32.dll
\WINDOWS\System32\urlmon.dll
\WINDOWS\System32\ole32.dll
\WINDOWS\System32\msctf.dll
\WINDOWS\System32\shell32.dll
\WINDOWS\System32\iertutil.dll
\WINDOWS\System32\lpk.dll
\WINDOWS\System32\advapi32.dll
\WINDOWS\System32\imagehlp.dll
\WINDOWS\System32\difxapi.dll
\WINDOWS\System32\usp10.dll
\WINDOWS\System32\normaliz.dll
\WINDOWS\System32\gdi32.dll
\WINDOWS\System32\msvcrt.dll
\WINDOWS\System32\imm32.dll
\WINDOWS\System32\sechost.dll
\WINDOWS\System32\user32.dll
\WINDOWS\System32\comctl32.dll
\WINDOWS\System32\KernelBase.dll
\WINDOWS\System32\cfgmgr32.dll
\WINDOWS\System32\devobj.dll
\WINDOWS\System32\wintrust.dll
\WINDOWS\System32\crypt32.dll
\WINDOWS\System32\msasn1.dll
\WINDOWS\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ff23060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007e42050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ff22060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8007dc5050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ff22060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ff22b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ff22060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800fd6da70, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8007dc5050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak --> [Forged file]
Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak
Infected: C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak --> [Unknown.Rootkit.Driver]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2922C300

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 38268928
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 38350848 Numsec = 938414080

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500105547264 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976748647-976768647)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ff23060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ff23b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ff23060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800fd6ec20, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8007e42050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2922DEF9

Partition information:

Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 16773120

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8589934592 bytes
Sector size: 512 bytes

Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8466526208, free: 6523170816

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8466526208, free: 6089973760

=======================================
Initializing...
------------ Kernel report ------------
01/05/2014 00:52:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr2.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\ST_ACCEL.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\irstrtdv.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\hswpan.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\aswStm.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\System32\ntdll.dll
\WINDOWS\System32\smss.exe
\WINDOWS\System32\apisetschema.dll
\WINDOWS\System32\autochk.exe
\WINDOWS\System32\difxapi.dll
\WINDOWS\System32\shell32.dll
\WINDOWS\System32\normaliz.dll
\WINDOWS\System32\ws2_32.dll
\WINDOWS\System32\shlwapi.dll
\WINDOWS\System32\oleaut32.dll
\WINDOWS\System32\psapi.dll
\WINDOWS\System32\gdi32.dll
\WINDOWS\System32\msctf.dll
\WINDOWS\System32\setupapi.dll
\WINDOWS\System32\nsi.dll
\WINDOWS\System32\lpk.dll
\WINDOWS\System32\advapi32.dll
\WINDOWS\System32\Wldap32.dll
\WINDOWS\System32\usp10.dll
\WINDOWS\System32\urlmon.dll
\WINDOWS\System32\ole32.dll
\WINDOWS\System32\rpcrt4.dll
\WINDOWS\System32\imagehlp.dll
\WINDOWS\System32\comdlg32.dll
\WINDOWS\System32\kernel32.dll
\WINDOWS\System32\imm32.dll
\WINDOWS\System32\msvcrt.dll
\WINDOWS\System32\wininet.dll
\WINDOWS\System32\user32.dll
\WINDOWS\System32\sechost.dll
\WINDOWS\System32\iertutil.dll
\WINDOWS\System32\clbcatq.dll
\WINDOWS\System32\wintrust.dll
\WINDOWS\System32\devobj.dll
\WINDOWS\System32\crypt32.dll
\WINDOWS\System32\KernelBase.dll
\WINDOWS\System32\cfgmgr32.dll
\WINDOWS\System32\comctl32.dll
\WINDOWS\System32\msasn1.dll
\WINDOWS\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800ff41060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80080f9050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800ff40060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa80080f5050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800ff40060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ff40b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ff40060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800fd8ac20, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80080f5050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak (0x00000570)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2922C300

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 38268928
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 38350848 Numsec = 938414080

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500105547264 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976748647-976768647)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800ff41060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800ff41b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800ff41060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800fd8bcb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa80080f9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2922DEF9

Partition information:

Partition 0 type is Other (0x84)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 16773120

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8589934592 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_81920_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[JamesPCNoob]

Here's the TDSSKiller Report: Nothing detected

02:07:03.0124 5940 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:07:03.0777 5940 ============================================================
02:07:03.0777 5940 Current date / time: 2014/01/05 02:07:03.0777
02:07:03.0777 5940 SystemInfo:
02:07:03.0777 5940
02:07:03.0777 5940 OS Version: 6.1.7601 ServicePack: 1.0
02:07:03.0777 5940 Product type: Workstation
02:07:03.0778 5940 ComputerName: LEONG-PC
02:07:03.0778 5940 UserName: Leong
02:07:03.0778 5940 Windows directory: C:\Windows
02:07:03.0778 5940 System windows directory: C:\Windows
02:07:03.0778 5940 Running under WOW64
02:07:03.0778 5940 Processor architecture: Intel x64
02:07:03.0778 5940 Number of processors: 4
02:07:03.0778 5940 Page size: 0x1000
02:07:03.0778 5940 Boot type: Normal boot
02:07:03.0778 5940 ============================================================
02:07:06.0612 5940 Drive \Device\Harddisk0\DR0 - Size: 0x74709D0E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:07:06.0612 5940 Drive \Device\Harddisk1\DR1 - Size: 0x200000000 (8.00 Gb), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:07:06.0615 5940 ============================================================
02:07:06.0615 5940 \Device\Harddisk0\DR0:
02:07:06.0615 5940 MBR partitions:
02:07:06.0616 5940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x247F000
02:07:06.0616 5940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2493000, BlocksNum 0x37EF1000
02:07:06.0616 5940 \Device\Harddisk1\DR1:
02:07:06.0616 5940 MBR partitions:
02:07:06.0616 5940 ============================================================
02:07:06.0617 5940 C: <-> \Device\Harddisk0\DR0\Partition2
02:07:06.0617 5940 ============================================================
02:07:06.0617 5940 Initialize success
02:07:06.0617 5940 ============================================================
02:07:08.0782 4728 ============================================================
02:07:08.0782 4728 Scan started
02:07:08.0782 4728 Mode: Manual;
02:07:08.0782 4728 ============================================================
02:07:11.0713 4728 ================ Scan system memory ========================
02:07:11.0713 4728 System memory - ok
02:07:11.0713 4728 ================ Scan services =============================
02:07:11.0727 4728 0251651388853532mcinstcleanup - ok
02:07:11.0764 4728 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:07:11.0767 4728 1394ohci - ok
02:07:11.0773 4728 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:07:11.0776 4728 ACPI - ok
02:07:11.0781 4728 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:07:11.0782 4728 AcpiPmi - ok
02:07:11.0789 4728 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:07:11.0790 4728 AdobeARMservice - ok
02:07:11.0817 4728 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:07:11.0819 4728 AdobeFlashPlayerUpdateSvc - ok
02:07:11.0828 4728 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
02:07:11.0832 4728 adp94xx - ok
02:07:11.0840 4728 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
02:07:11.0843 4728 adpahci - ok
02:07:11.0849 4728 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
02:07:11.0851 4728 adpu320 - ok
02:07:11.0856 4728 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:07:11.0858 4728 AeLookupSvc - ok
02:07:11.0863 4728 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
02:07:11.0865 4728 AERTFilters - ok
02:07:11.0874 4728 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:07:11.0878 4728 AFD - ok
02:07:11.0883 4728 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:07:11.0884 4728 agp440 - ok
02:07:11.0888 4728 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:07:11.0889 4728 ALG - ok
02:07:11.0893 4728 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:07:11.0895 4728 aliide - ok
02:07:11.0899 4728 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:07:11.0900 4728 amdide - ok
02:07:11.0905 4728 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
02:07:11.0907 4728 AmdK8 - ok
02:07:11.0911 4728 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
02:07:11.0912 4728 AmdPPM - ok
02:07:11.0917 4728 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:07:11.0919 4728 amdsata - ok
02:07:11.0924 4728 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
02:07:11.0926 4728 amdsbs - ok
02:07:11.0931 4728 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:07:11.0932 4728 amdxata - ok
02:07:11.0938 4728 [ 157B1C973637919DCD0D0464167C86BA ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
02:07:11.0940 4728 AMPPAL - ok
02:07:11.0945 4728 [ 157B1C973637919DCD0D0464167C86BA ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
02:07:11.0947 4728 AMPPALP - ok
02:07:11.0957 4728 [ FB70F8C1283C8CC6BFAA6F9971107E68 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
02:07:11.0961 4728 AMPPALR3 - ok
02:07:11.0966 4728 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:07:11.0967 4728 AppID - ok
02:07:11.0971 4728 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:07:11.0972 4728 AppIDSvc - ok
02:07:11.0977 4728 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
02:07:11.0978 4728 Appinfo - ok
02:07:11.0984 4728 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
02:07:11.0986 4728 arc - ok
02:07:11.0990 4728 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
02:07:11.0991 4728 arcsas - ok
02:07:12.0006 4728 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:07:12.0008 4728 aspnet_state - ok
02:07:12.0013 4728 [ 9C2BEA3957EFFD45F352F0938DFB3721 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
02:07:12.0014 4728 aswMonFlt - ok
02:07:12.0019 4728 [ 679712B7A353EE665B9301592164A172 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys
02:07:12.0020 4728 aswRdr - ok
02:07:12.0024 4728 [ C04F7B373881009D7994D9BF55D24AB4 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
02:07:12.0025 4728 aswRvrt - ok
02:07:12.0040 4728 [ 52B5F8FAF7E78C02D26B0B6E3A05F596 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
02:07:12.0048 4728 aswSnx - ok
02:07:12.0056 4728 [ 251360C2FCA22BAFE0583314B3262F98 ] aswSP C:\Windows\system32\drivers\aswSP.sys
02:07:12.0061 4728 aswSP - ok
02:07:12.0066 4728 [ AAB5F5336EDBB5D99CC7E1A9F4D8F63F ] aswStm C:\Windows\system32\drivers\aswStm.sys
02:07:12.0067 4728 aswStm - ok
02:07:12.0072 4728 [ 90399625F341AB76BA4B85A5E860EB1F ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
02:07:12.0074 4728 aswVmm - ok
02:07:12.0077 4728 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:07:12.0079 4728 AsyncMac - ok
02:07:12.0083 4728 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:07:12.0085 4728 atapi - ok
02:07:12.0094 4728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:07:12.0101 4728 AudioEndpointBuilder - ok
02:07:12.0109 4728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:07:12.0113 4728 AudioSrv - ok
02:07:12.0119 4728 [ D74884939D53612FD84AC82C59CCFE27 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:07:12.0120 4728 avast! Antivirus - ok
02:07:12.0124 4728 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:07:12.0126 4728 AxInstSV - ok
02:07:12.0136 4728 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
02:07:12.0140 4728 b06bdrv - ok
02:07:12.0146 4728 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:07:12.0149 4728 b57nd60a - ok
02:07:12.0156 4728 [ 369C1928C9BBED65C9E347448BD376B0 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
02:07:12.0159 4728 BBSvc - ok
02:07:12.0165 4728 [ 54949AFAC5CE6FA2E4D7846D4362BAB3 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
02:07:12.0167 4728 BBUpdate - ok
02:07:12.0171 4728 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:07:12.0173 4728 BDESVC - ok
02:07:12.0177 4728 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:07:12.0178 4728 Beep - ok
02:07:12.0191 4728 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:07:12.0197 4728 BFE - ok
02:07:12.0209 4728 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
02:07:12.0217 4728 BITS - ok
02:07:12.0221 4728 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:07:12.0222 4728 blbdrive - ok
02:07:12.0239 4728 [ 6D625A18DDFCD0464B914B71293AD837 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
02:07:12.0250 4728 Bluetooth Device Monitor - ok
02:07:12.0319 4728 [ 74B2BF80D966CFE8BC8005D19E40608D ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
02:07:12.0325 4728 Bluetooth Media Service - ok
02:07:12.0339 4728 [ 707BF27D30ADAB7798C69D5BF41C7131 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
02:07:12.0348 4728 Bluetooth OBEX Service - ok
02:07:12.0353 4728 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:07:12.0354 4728 bowser - ok
02:07:12.0357 4728 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
02:07:12.0358 4728 BrFiltLo - ok
02:07:12.0362 4728 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
02:07:12.0364 4728 BrFiltUp - ok
02:07:12.0370 4728 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
02:07:12.0372 4728 Browser - ok
02:07:12.0378 4728 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:07:12.0382 4728 Brserid - ok
02:07:12.0386 4728 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:07:12.0388 4728 BrSerWdm - ok
02:07:12.0392 4728 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:07:12.0393 4728 BrUsbMdm - ok
02:07:12.0396 4728 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:07:12.0398 4728 BrUsbSer - ok
02:07:12.0403 4728 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
02:07:12.0405 4728 BthEnum - ok
02:07:12.0408 4728 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
02:07:12.0410 4728 BTHMODEM - ok
02:07:12.0417 4728 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
02:07:12.0419 4728 BthPan - ok
02:07:12.0427 4728 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
02:07:12.0432 4728 BTHPORT - ok
02:07:12.0437 4728 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:07:12.0439 4728 bthserv - ok
02:07:12.0442 4728 [ FA2D081709A764F6BEE16B7FFE03E36C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
02:07:12.0443 4728 BTHSSecurityMgr - ok
02:07:12.0449 4728 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
02:07:12.0451 4728 BTHUSB - ok
02:07:12.0456 4728 [ 3676BEAA7D842047D30E95D59B241F22 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
02:07:12.0457 4728 btmaux - ok
02:07:12.0469 4728 [ FA0E7B5AFB8FD335234916764A2D6CF9 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
02:07:12.0475 4728 btmhsf - ok
02:07:12.0479 4728 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:07:12.0481 4728 cdfs - ok
02:07:12.0485 4728 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
02:07:12.0486 4728 cdrom - ok
02:07:12.0490 4728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:07:12.0492 4728 CertPropSvc - ok
02:07:12.0497 4728 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
02:07:12.0498 4728 circlass - ok
02:07:12.0505 4728 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:07:12.0509 4728 CLFS - ok
02:07:12.0520 4728 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:07:12.0521 4728 clr_optimization_v2.0.50727_32 - ok
02:07:12.0527 4728 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:07:12.0530 4728 clr_optimization_v2.0.50727_64 - ok
02:07:12.0543 4728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:07:12.0544 4728 clr_optimization_v4.0.30319_32 - ok
02:07:12.0549 4728 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:07:12.0551 4728 clr_optimization_v4.0.30319_64 - ok
02:07:12.0556 4728 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:07:12.0557 4728 CmBatt - ok
02:07:12.0562 4728 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:07:12.0564 4728 cmdide - ok
02:07:12.0573 4728 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:07:12.0577 4728 CNG - ok
02:07:12.0581 4728 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:07:12.0583 4728 Compbatt - ok
02:07:12.0587 4728 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
02:07:12.0588 4728 CompositeBus - ok
02:07:12.0591 4728 COMSysApp - ok
02:07:12.0614 4728 [ 6AB36327DC4FF7CE22F7A33F532F231E ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
02:07:12.0617 4728 cphs - ok
02:07:12.0621 4728 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
02:07:12.0622 4728 crcdisk - ok
02:07:12.0629 4728 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:07:12.0632 4728 CryptSvc - ok
02:07:12.0637 4728 [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
02:07:12.0639 4728 CtClsFlt - ok
02:07:12.0648 4728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:07:12.0652 4728 DcomLaunch - ok
02:07:12.0659 4728 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:07:12.0662 4728 defragsvc - ok
02:07:12.0667 4728 [ 1B25FE6480DD129E2B94A069BC803912 ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
02:07:12.0669 4728 DellDigitalDelivery - ok
02:07:12.0673 4728 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:07:12.0675 4728 DfsC - ok
02:07:12.0682 4728 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:07:12.0685 4728 Dhcp - ok
02:07:12.0689 4728 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:07:12.0691 4728 discache - ok
02:07:12.0694 4728 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
02:07:12.0696 4728 Disk - ok
02:07:12.0701 4728 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:07:12.0703 4728 Dnscache - ok
02:07:12.0709 4728 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:07:12.0714 4728 dot3svc - ok
02:07:12.0719 4728 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:07:12.0721 4728 DPS - ok
02:07:12.0724 4728 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:07:12.0725 4728 drmkaud - ok
02:07:12.0740 4728 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:07:12.0748 4728 DXGKrnl - ok
02:07:12.0752 4728 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:07:12.0755 4728 EapHost - ok
02:07:12.0894 4728 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
02:07:12.0916 4728 ebdrv - ok
02:07:12.0921 4728 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:07:12.0922 4728 EFS - ok
02:07:12.0934 4728 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:07:12.0940 4728 ehRecvr - ok
02:07:12.0944 4728 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:07:12.0946 4728 ehSched - ok
02:07:12.0954 4728 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
02:07:12.0958 4728 elxstor - ok
02:07:12.0962 4728 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:07:12.0963 4728 ErrDev - ok
02:07:12.0973 4728 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:07:12.0977 4728 EventSystem - ok
02:07:12.0987 4728 [ 52AE29A233832E0C704FD7FC534AF9FB ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
02:07:12.0993 4728 EvtEng - ok
02:07:12.0998 4728 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:07:13.0000 4728 exfat - ok
02:07:13.0006 4728 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:07:13.0007 4728 fastfat - ok
02:07:13.0018 4728 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:07:13.0025 4728 Fax - ok
02:07:13.0028 4728 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
02:07:13.0029 4728 fdc - ok
02:07:13.0032 4728 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:07:13.0034 4728 fdPHost - ok
02:07:13.0038 4728 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:07:13.0040 4728 FDResPub - ok
02:07:13.0045 4728 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:07:13.0046 4728 FileInfo - ok
02:07:13.0049 4728 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:07:13.0051 4728 Filetrace - ok
02:07:13.0055 4728 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
02:07:13.0057 4728 flpydisk - ok
02:07:13.0063 4728 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:07:13.0066 4728 FltMgr - ok
02:07:13.0084 4728 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
02:07:13.0090 4728 FontCache - ok
02:07:13.0094 4728 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:07:13.0096 4728 FontCache3.0.0.0 - ok
02:07:13.0099 4728 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:07:13.0100 4728 FsDepends - ok
02:07:13.0104 4728 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:07:13.0105 4728 Fs_Rec - ok
02:07:13.0111 4728 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:07:13.0114 4728 fvevol - ok
02:07:13.0119 4728 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
02:07:13.0121 4728 gagp30kx - ok
02:07:13.0132 4728 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:07:13.0139 4728 gpsvc - ok
02:07:13.0143 4728 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:07:13.0144 4728 gupdate - ok
02:07:13.0148 4728 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:07:13.0149 4728 gupdatem - ok
02:07:13.0153 4728 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:07:13.0154 4728 hcw85cir - ok
02:07:13.0159 4728 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
02:07:13.0161 4728 HDAudBus - ok
02:07:13.0165 4728 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
02:07:13.0166 4728 HidBatt - ok
02:07:13.0171 4728 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
02:07:13.0173 4728 HidBth - ok
02:07:13.0177 4728 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
02:07:13.0179 4728 HidIr - ok
02:07:13.0182 4728 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
02:07:13.0185 4728 hidserv - ok
02:07:13.0188 4728 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:07:13.0189 4728 HidUsb - ok
02:07:13.0194 4728 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:07:13.0197 4728 hkmsvc - ok
02:07:13.0202 4728 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:07:13.0206 4728 HomeGroupListener - ok
02:07:13.0211 4728 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:07:13.0215 4728 HomeGroupProvider - ok
02:07:13.0220 4728 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:07:13.0221 4728 HpSAMD - ok
02:07:13.0226 4728 [ 436819F9B8B0032791400BD5B4934FAB ] hswpan C:\Windows\system32\DRIVERS\hswpan.sys
02:07:13.0227 4728 hswpan - ok
02:07:13.0238 4728 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:07:13.0245 4728 HTTP - ok
02:07:13.0249 4728 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:07:13.0250 4728 hwpolicy - ok
02:07:13.0254 4728 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:07:13.0256 4728 i8042prt - ok
02:07:13.0268 4728 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys
02:07:13.0272 4728 iaStor - ok
02:07:13.0276 4728 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
02:07:13.0277 4728 IAStorDataMgrSvc - ok
02:07:13.0285 4728 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:07:13.0290 4728 iaStorV - ok
02:07:13.0294 4728 [ 653A38B868A5F20BB506AB57AC41B936 ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
02:07:13.0296 4728 ibtfltcoex - ok
02:07:13.0405 4728 [ A43D33528347ED77A8EE1A4C61425285 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
02:07:13.0430 4728 IconMan_R - ok
02:07:13.0443 4728 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:07:13.0450 4728 idsvc - ok
02:07:13.0605 4728 [ 937CB7CC3E71A93771B72C8C52B9EA81 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
02:07:13.0717 4728 igfx - ok
02:07:13.0725 4728 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
02:07:13.0726 4728 iirsp - ok
02:07:13.0739 4728 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:07:13.0747 4728 IKEEXT - ok
02:07:13.0752 4728 [ A387D6DE360C3B2284B23000B212910A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
02:07:13.0754 4728 intaud_WaveExtensible - ok
02:07:13.0796 4728 [ 231B6C6952E474E9A8348B976C904C80 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:07:13.0828 4728 IntcAzAudAddService - ok
02:07:13.0835 4728 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
02:07:13.0838 4728 IntcDAud - ok
02:07:13.0848 4728 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
02:07:13.0854 4728 Intel(R) Capability Licensing Service Interface - ok
02:07:13.0857 4728 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:07:13.0858 4728 intelide - ok
02:07:13.0863 4728 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:07:13.0865 4728 intelppm - ok
02:07:13.0869 4728 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:07:13.0872 4728 IPBusEnum - ok
02:07:13.0875 4728 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:07:13.0877 4728 IpFilterDriver - ok
02:07:13.0886 4728 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:07:13.0890 4728 iphlpsvc - ok
02:07:13.0893 4728 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:07:13.0895 4728 IPMIDRV - ok
02:07:13.0899 4728 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:07:13.0900 4728 IPNAT - ok
02:07:13.0904 4728 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:07:13.0905 4728 IRENUM - ok
02:07:13.0908 4728 [ 6DC22BDAA595BE00F19696E72F2F3312 ] irstrtdv C:\Windows\system32\DRIVERS\irstrtdv.sys
02:07:13.0911 4728 irstrtdv - ok
02:07:13.0916 4728 [ 205FD80EF4B9832F9763B9A187957260 ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe
02:07:13.0918 4728 irstrtsv - ok
02:07:13.0922 4728 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

 

[JamesPCNoob]

02:07:13.0923 4728 isapnp - ok
02:07:13.0931 4728 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:07:13.0934 4728 iScsiPrt - ok
02:07:13.0938 4728 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
02:07:13.0939 4728 iusb3hcs - ok
02:07:13.0946 4728 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
02:07:13.0949 4728 iusb3hub - ok
02:07:13.0961 4728 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
02:07:13.0967 4728 iusb3xhc - ok
02:07:13.0972 4728 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
02:07:13.0973 4728 iwdbus - ok
02:07:13.0979 4728 [ D22982C269775BCBDDA8A0F82A9ADE9E ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
02:07:13.0980 4728 jhi_service - ok
02:07:13.0983 4728 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:07:13.0985 4728 kbdclass - ok
02:07:13.0988 4728 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:07:13.0990 4728 kbdhid - ok
02:07:13.0993 4728 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:07:13.0996 4728 KeyIso - ok
02:07:13.0999 4728 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:07:14.0001 4728 KSecDD - ok
02:07:14.0005 4728 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:07:14.0007 4728 KSecPkg - ok
02:07:14.0010 4728 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:07:14.0013 4728 ksthunk - ok
02:07:14.0019 4728 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:07:14.0024 4728 KtmRm - ok
02:07:14.0031 4728 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
02:07:14.0036 4728 LanmanServer - ok
02:07:14.0040 4728 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:07:14.0044 4728 LanmanWorkstation - ok
02:07:14.0049 4728 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:07:14.0050 4728 lltdio - ok
02:07:14.0056 4728 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:07:14.0060 4728 lltdsvc - ok
02:07:14.0064 4728 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:07:14.0066 4728 lmhosts - ok
02:07:14.0072 4728 [ 5C08357C65F658E29B5DDC2EF18D575C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
02:07:14.0075 4728 LMS - ok
02:07:14.0081 4728 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
02:07:14.0083 4728 LSI_FC - ok
02:07:14.0088 4728 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
02:07:14.0090 4728 LSI_SAS - ok
02:07:14.0094 4728 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
02:07:14.0096 4728 LSI_SAS2 - ok
02:07:14.0100 4728 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
02:07:14.0102 4728 LSI_SCSI - ok
02:07:14.0105 4728 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:07:14.0107 4728 luafv - ok
02:07:14.0113 4728 [ 90AA9E273410AD7A41D2D06E0FB46022 ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
02:07:14.0115 4728 mbamchameleon - ok
02:07:14.0118 4728 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
02:07:14.0119 4728 MBAMProtector - ok
02:07:14.0126 4728 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:07:14.0130 4728 MBAMScheduler - ok
02:07:14.0139 4728 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:07:14.0145 4728 MBAMService - ok
02:07:14.0149 4728 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:07:14.0152 4728 Mcx2Svc - ok
02:07:14.0155 4728 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
02:07:14.0157 4728 megasas - ok
02:07:14.0163 4728 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
02:07:14.0166 4728 MegaSR - ok
02:07:14.0170 4728 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
02:07:14.0171 4728 MEIx64 - ok
02:07:14.0176 4728 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:07:14.0179 4728 MMCSS - ok
02:07:14.0181 4728 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:07:14.0183 4728 Modem - ok
02:07:14.0187 4728 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:07:14.0189 4728 monitor - ok
02:07:14.0192 4728 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:07:14.0193 4728 mouclass - ok
02:07:14.0197 4728 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:07:14.0198 4728 mouhid - ok
02:07:14.0202 4728 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:07:14.0204 4728 mountmgr - ok
02:07:14.0210 4728 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:07:14.0212 4728 mpio - ok
02:07:14.0216 4728 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:07:14.0218 4728 mpsdrv - ok
02:07:14.0230 4728 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:07:14.0238 4728 MpsSvc - ok
02:07:14.0243 4728 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:07:14.0245 4728 MRxDAV - ok
02:07:14.0249 4728 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:07:14.0251 4728 mrxsmb - ok
02:07:14.0258 4728 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:07:14.0261 4728 mrxsmb10 - ok
02:07:14.0265 4728 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:07:14.0267 4728 mrxsmb20 - ok
02:07:14.0270 4728 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:07:14.0272 4728 msahci - ok
02:07:14.0277 4728 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:07:14.0279 4728 msdsm - ok
02:07:14.0283 4728 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:07:14.0288 4728 MSDTC - ok
02:07:14.0293 4728 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:07:14.0294 4728 Msfs - ok
02:07:14.0297 4728 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:07:14.0299 4728 mshidkmdf - ok
02:07:14.0302 4728 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:07:14.0304 4728 msisadrv - ok
02:07:14.0308 4728 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:07:14.0311 4728 MSiSCSI - ok
02:07:14.0314 4728 msiserver - ok
02:07:14.0319 4728 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:07:14.0320 4728 MSKSSRV - ok
02:07:14.0322 4728 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:07:14.0324 4728 MSPCLOCK - ok
02:07:14.0328 4728 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:07:14.0329 4728 MSPQM - ok
02:07:14.0337 4728 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:07:14.0339 4728 MsRPC - ok
02:07:14.0346 4728 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
02:07:14.0347 4728 mssmbios - ok
02:07:14.0351 4728 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:07:14.0352 4728 MSTEE - ok
02:07:14.0356 4728 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
02:07:14.0358 4728 MTConfig - ok
02:07:14.0362 4728 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:07:14.0364 4728 Mup - ok
02:07:14.0369 4728 [ 4D02A9A4AAE43280D8631F232AAD79BC ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
02:07:14.0372 4728 MyWiFiDHCPDNS - ok
02:07:14.0380 4728 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:07:14.0386 4728 napagent - ok
02:07:14.0392 4728 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:07:14.0395 4728 NativeWifiP - ok
02:07:14.0408 4728 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:07:14.0413 4728 NDIS - ok
02:07:14.0416 4728 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:07:14.0418 4728 NdisCap - ok
02:07:14.0422 4728 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:07:14.0423 4728 NdisTapi - ok
02:07:14.0427 4728 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:07:14.0429 4728 Ndisuio - ok
02:07:14.0434 4728 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:07:14.0436 4728 NdisWan - ok
02:07:14.0440 4728 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:07:14.0441 4728 NDProxy - ok
02:07:14.0446 4728 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:07:14.0447 4728 NetBIOS - ok
02:07:14.0452 4728 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:07:14.0455 4728 NetBT - ok
02:07:14.0459 4728 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:07:14.0461 4728 Netlogon - ok
02:07:14.0467 4728 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:07:14.0472 4728 Netman - ok
02:07:14.0483 4728 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:07:14.0485 4728 NetMsmqActivator - ok
02:07:14.0488 4728 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:07:14.0489 4728 NetPipeActivator - ok
02:07:14.0497 4728 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:07:14.0501 4728 netprofm - ok
02:07:14.0504 4728 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:07:14.0505 4728 NetTcpActivator - ok
02:07:14.0509 4728 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:07:14.0511 4728 NetTcpPortSharing - ok
02:07:14.0621 4728 [ 262225F08B891FD7F16B3B93A3177C1F ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
02:07:14.0707 4728 NETwNs64 - ok
02:07:14.0713 4728 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
02:07:14.0715 4728 nfrd960 - ok
02:07:14.0724 4728 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:07:14.0729 4728 NlaSvc - ok
02:07:14.0765 4728 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
02:07:14.0786 4728 NOBU - ok
02:07:14.0791 4728 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:07:14.0792 4728 Npfs - ok
02:07:14.0796 4728 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:07:14.0799 4728 nsi - ok
02:07:14.0803 4728 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:07:14.0805 4728 nsiproxy - ok
02:07:14.0828 4728 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:07:14.0836 4728 Ntfs - ok
02:07:14.0839 4728 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:07:14.0840 4728 Null - ok
02:07:14.0992 4728 [ 62CFE4DB3B014D248B70D1076636B001 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:07:15.0095 4728 nvlddmkm - ok
02:07:15.0101 4728 [ 9FD33B959A8FA8912D84589140D18AF5 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
02:07:15.0103 4728 nvpciflt - ok
02:07:15.0107 4728 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:07:15.0110 4728 nvraid - ok
02:07:15.0114 4728 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:07:15.0116 4728 nvstor - ok
02:07:15.0125 4728 [ 819AC5E0E3499D7333995C8976A3C196 ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
02:07:15.0129 4728 NvStUSB - ok
02:07:15.0140 4728 [ 09EA4E7A5BB2F65DB0818CC5385E0A19 ] nvsvc C:\Windows\system32\nvvsvc.exe
02:07:15.0147 4728 nvsvc - ok
02:07:15.0234 4728 [ 961A4BD1A239F032056CE5F9B61CAE6D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:07:15.0249 4728 nvUpdatusService - ok
02:07:15.0255 4728 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:07:15.0256 4728 nv_agp - ok
02:07:15.0260 4728 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:07:15.0263 4728 ohci1394 - ok
02:07:15.0269 4728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:07:15.0272 4728 p2pimsvc - ok
02:07:15.0281 4728 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:07:15.0286 4728 p2psvc - ok
02:07:15.0307 4728 [ 836266D31F9B7920ED04C4775E401FBC ] PanService C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
02:07:15.0316 4728 PanService - ok
02:07:15.0321 4728 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
02:07:15.0323 4728 Parport - ok
02:07:15.0328 4728 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:07:15.0329 4728 partmgr - ok
02:07:15.0334 4728 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:07:15.0338 4728 PcaSvc - ok
02:07:15.0343 4728 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:07:15.0346 4728 pci - ok
02:07:15.0349 4728 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:07:15.0351 4728 pciide - ok
02:07:15.0357 4728 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
02:07:15.0359 4728 pcmcia - ok
02:07:15.0363 4728 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:07:15.0365 4728 pcw - ok
02:07:15.0374 4728 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:07:15.0380 4728 PEAUTH - ok
02:07:15.0384 4728 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:07:15.0386 4728 PerfHost - ok
02:07:15.0447 4728 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:07:15.0472 4728 pla - ok
02:07:15.0482 4728 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:07:15.0489 4728 PlugPlay - ok
02:07:15.0493 4728 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:07:15.0496 4728 PNRPAutoReg - ok
02:07:15.0502 4728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:07:15.0505 4728 PNRPsvc - ok
02:07:15.0514 4728 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:07:15.0519 4728 PolicyAgent - ok
02:07:15.0524 4728 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
02:07:15.0528 4728 Power - ok
02:07:15.0532 4728 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:07:15.0534 4728 PptpMiniport - ok
02:07:15.0538 4728 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
02:07:15.0540 4728 Processor - ok
02:07:15.0546 4728 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
02:07:15.0550 4728 ProfSvc - ok
02:07:15.0645 4728 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:07:15.0647 4728 ProtectedStorage - ok
02:07:15.0651 4728 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:07:15.0652 4728 Psched - ok
02:07:15.0671 4728 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
02:07:15.0683 4728 ql2300 - ok
02:07:15.0689 4728 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
02:07:15.0691 4728 ql40xx - ok
02:07:15.0696 4728 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:07:15.0700 4728 QWAVE - ok
02:07:15.0705 4728 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:07:15.0706 4728 QWAVEdrv - ok
02:07:15.0710 4728 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:07:15.0711 4728 RasAcd - ok
02:07:15.0715 4728 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:07:15.0717 4728 RasAgileVpn - ok
02:07:15.0721 4728 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:07:15.0725 4728 RasAuto - ok
02:07:15.0730 4728 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:07:15.0732 4728 Rasl2tp - ok
02:07:15.0739 4728 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:07:15.0744 4728 RasMan - ok
02:07:15.0748 4728 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:07:15.0750 4728 RasPppoe - ok
02:07:15.0754 4728 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:07:15.0755 4728 RasSstp - ok
02:07:15.0763 4728 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:07:15.0767 4728 rdbss - ok
02:07:15.0771 4728 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
02:07:15.0773 4728 rdpbus - ok
02:07:15.0777 4728 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:07:15.0779 4728 RDPCDD - ok
02:07:15.0783 4728 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:07:15.0785 4728 RDPENCDD - ok
02:07:15.0790 4728 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:07:15.0792 4728 RDPREFMP - ok
02:07:15.0798 4728 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:07:15.0799 4728 RDPWD - ok
02:07:15.0805 4728 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:07:15.0807 4728 rdyboost - ok
02:07:15.0811 4728 [ 96EFEC24346A8EB1157E80523079ADDC ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
02:07:15.0812 4728 RealNetworks Downloader Resolver Service - ok
02:07:15.0818 4728 [ C480D028012881E0136962A49379688D ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
02:07:15.0819 4728 RegSrvc - ok
02:07:15.0823 4728 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:07:15.0826 4728 RemoteAccess - ok
02:07:15.0831 4728 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:07:15.0834 4728 RemoteRegistry - ok
02:07:15.0839 4728 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
02:07:15.0842 4728 RFCOMM - ok
02:07:15.0846 4728 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:07:15.0849 4728 RpcEptMapper - ok
02:07:15.0852 4728 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:07:15.0855 4728 RpcLocator - ok
02:07:15.0862 4728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:07:15.0868 4728 RpcSs - ok
02:07:15.0876 4728 [ 1EA2EDA2D6CD253CE3EC3387FEAA40AC ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
02:07:15.0880 4728 RSPCIESTOR - ok
02:07:15.0884 4728 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:07:15.0885 4728 rspndr - ok
02:07:15.0890 4728 [ 5D63CCD46688B775382AA68EF844510C ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
02:07:15.0891 4728 RtkAudioService - ok
02:07:15.0901 4728 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
02:07:15.0907 4728 RTL8167 - ok
02:07:15.0911 4728 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:07:15.0913 4728 SamSs - ok
02:07:15.0918 4728 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:07:15.0920 4728 sbp2port - ok
02:07:15.0925 4728 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:07:15.0929 4728 SCardSvr - ok
02:07:15.0932 4728 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:07:15.0934 4728 scfilter - ok
02:07:15.0949 4728 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:07:15.0957 4728 Schedule - ok
02:07:15.0961 4728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:07:15.0962 4728 SCPolicySvc - ok
02:07:15.0966 4728 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
02:07:15.0969 4728 sdbus - ok
02:07:15.0974 4728 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:07:15.0979 4728 SDRSVC - ok
02:07:15.0982 4728 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:07:15.0983 4728 secdrv - ok
02:07:15.0987 4728 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:07:15.0990 4728 seclogon - ok
02:07:15.0994 4728 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
02:07:15.0997 4728 SENS - ok
02:07:16.0001 4728 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:07:16.0004 4728 SensrSvc - ok
02:07:16.0007 4728 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
02:07:16.0009 4728 Serenum - ok
02:07:16.0014 4728 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
02:07:16.0016 4728 Serial - ok
02:07:16.0019 4728 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
02:07:16.0021 4728 sermouse - ok
02:07:16.0030 4728 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:07:16.0034 4728 SessionEnv - ok
02:07:16.0038 4728 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:07:16.0040 4728 sffdisk - ok
02:07:16.0043 4728 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:07:16.0046 4728 sffp_mmc - ok
02:07:16.0049 4728 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:07:16.0051 4728 sffp_sd - ok
02:07:16.0054 4728 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
02:07:16.0056 4728 sfloppy - ok
02:07:16.0080 4728 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
02:07:16.0094 4728 SftService - ok
02:07:16.0101 4728 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:07:16.0105 4728 SharedAccess - ok
02:07:16.0113 4728 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:07:16.0118 4728 ShellHWDetection - ok
02:07:16.0122 4728 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
02:07:16.0123 4728 SiSRaid2 - ok
02:07:16.0128 4728 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
02:07:16.0130 4728 SiSRaid4 - ok
02:07:16.0136 4728 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
02:07:16.0137 4728 SkypeUpdate - ok
02:07:16.0141 4728 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:07:16.0144 4728 Smb - ok
02:07:16.0147 4728 [ EB5052F1D1D52C0C5C57A34ADC5F1723 ] SmbDrvAMDASF C:\Windows\system32\drivers\Smb_driver_AMDASF.sys
02:07:16.0149 4728 SmbDrvAMDASF - ok
02:07:16.0152 4728 [ BEE37C41382FF5AC41BB5565AB8B3793 ] SmbDrvIntel C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
02:07:16.0154 4728 SmbDrvIntel - ok
02:07:16.0161 4728 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:07:16.0164 4728 SNMPTRAP - ok
02:07:16.0168 4728 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:07:16.0169 4728 spldr - ok
02:07:16.0179 4728 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
02:07:16.0186 4728 Spooler - ok
02:07:16.0225 4728 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:07:16.0244 4728 sppsvc - ok
02:07:16.0249 4728 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:07:16.0252 4728 sppuinotify - ok
02:07:16.0260 4728 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:07:16.0264 4728 srv - ok
02:07:16.0272 4728 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:07:16.0276 4728 srv2 - ok
02:07:16.0281 4728 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:07:16.0283 4728 srvnet - ok
02:07:16.0288 4728 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:07:16.0293 4728 SSDPSRV - ok
02:07:16.0297 4728 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:07:16.0300 4728 SstpSvc - ok
02:07:16.0305 4728 [ E4EA2412FB1B8AEE33667A9CC6D456A4 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
02:07:16.0306 4728 stdcfltn - ok
02:07:16.0315 4728 [ A87A39F9B42D82F5D60D36BB1D3CC9D3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
02:07:16.0319 4728 Steam Client Service - ok
02:07:16.0327 4728 [ 4742AB11FCD9E1A2A3790AC50320CCEC ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:07:16.0330 4728 Stereo Service - ok
02:07:16.0333 4728 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
02:07:16.0335 4728 stexstor - ok
02:07:16.0345 4728 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:07:16.0352 4728 stisvc - ok
02:07:16.0356 4728 [ 10D69C83513B50F34032F7F96E40019D ] ST_ACCEL C:\Windows\system32\DRIVERS\ST_ACCEL.sys
02:07:16.0358 4728 ST_ACCEL - ok
02:07:16.0361 4728 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
02:07:16.0363 4728 swenum - ok
02:07:16.0372 4728 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:07:16.0379 4728 swprv - ok
02:07:16.0390 4728 [ DC566058D1FB7E8170BC4073CA042EA2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:07:16.0395 4728 SynTP - ok
02:07:16.0459 4728 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:07:16.0471 4728 SysMain - ok
02:07:16.0476 4728 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:07:16.0480 4728 TabletInputService - ok
02:07:16.0487 4728 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:07:16.0492 4728 TapiSrv - ok
02:07:16.0497 4728 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:07:16.0500 4728 TBS - ok
02:07:16.0522 4728 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:07:16.0538 4728 Tcpip - ok
02:07:16.0562 4728 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:07:16.0571 4728 TCPIP6 - ok
02:07:16.0578 4728 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:07:16.0579 4728 tcpipreg - ok
02:07:16.0584 4728 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:07:16.0586 4728 TDPIPE - ok
02:07:16.0590 4728 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:07:16.0592 4728 TDTCP - ok
02:07:16.0600 4728 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:07:16.0602 4728 tdx - ok
02:07:16.0605 4728 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
02:07:16.0607 4728 TermDD - ok
02:07:16.0618 4728 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:07:16.0623 4728 TermService - ok
02:07:16.0628 4728 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:07:16.0631 4728 Themes - ok
02:07:16.0636 4728 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:07:16.0638 4728 THREADORDER - ok
02:07:16.0642 4728 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:07:16.0646 4728 TrkWks - ok
02:07:16.0650 4728 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:07:16.0652 4728 TrustedInstaller - ok
02:07:16.0660 4728 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:07:16.0662 4728 tssecsrv - ok
02:07:16.0667 4728 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:07:16.0669 4728 TsUsbFlt - ok
02:07:16.0673 4728 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
02:07:16.0675 4728 TsUsbGD - ok
02:07:16.0679 4728 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:07:16.0681 4728 tunnel - ok
02:07:16.0686 4728 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
02:07:16.0688 4728 uagp35 - ok
02:07:16.0695 4728 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:07:16.0699 4728 udfs - ok
02:07:16.0706 4728 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:07:16.0710 4728 UI0Detect - ok
02:07:16.0713 4728 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:07:16.0715 4728 uliagpkx - ok
02:07:16.0719 4728 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
02:07:16.0720 4728 umbus - ok
02:07:16.0725 4728 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
02:07:16.0727 4728 UmPass - ok
02:07:16.0734 4728 [ 0DFC9713D117B349E41A2A477448107A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
02:07:16.0736 4728 UNS - ok
02:07:16.0743 4728 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:07:16.0748 4728 upnphost - ok
02:07:16.0753 4728 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:07:16.0755 4728 usbccgp - ok
02:07:16.0759 4728 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:07:16.0761 4728 usbcir - ok
02:07:16.0765 4728 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:07:16.0766 4728 usbehci - ok
02:07:16.0774 4728 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:07:16.0778 4728 usbhub - ok
02:07:16.0782 4728 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
02:07:16.0783 4728 usbohci - ok
02:07:16.0788 4728 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
02:07:16.0790 4728 usbprint - ok
02:07:16.0795 4728 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:07:16.0797 4728 USBSTOR - ok
02:07:16.0801 4728 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
02:07:16.0803 4728 usbuhci - ok
02:07:16.0808 4728 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
02:07:16.0811 4728 usbvideo - ok
02:07:16.0815 4728 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
02:07:16.0818 4728 UxSms - ok
02:07:16.0821 4728 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
02:07:16.0823 4728 VaultSvc - ok
02:07:16.0828 4728 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
02:07:16.0830 4728 vdrvroot - ok
02:07:16.0839 4728 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
02:07:16.0846 4728 vds - ok
02:07:16.0850 4728 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:07:16.0852 4728 vga - ok
02:07:16.0855 4728 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
02:07:16.0858 4728 VgaSave - ok
02:07:16.0864 4728 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
02:07:16.0866 4728 vhdmp - ok
02:07:16.0870 4728 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
02:07:16.0872 4728 viaide - ok
02:07:16.0878 4728 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
02:07:16.0880 4728 volmgr - ok
02:07:16.0886 4728 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:07:16.0890 4728 volmgrx - ok
02:07:16.0898 4728 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
02:07:16.0901 4728 volsnap - ok
02:07:16.0907 4728 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
02:07:16.0910 4728 vsmraid - ok
02:07:16.0931 4728 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
02:07:16.0946 4728 VSS - ok
02:07:16.0951 4728 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
02:07:16.0953 4728 vwifibus - ok
02:07:16.0958 4728 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
02:07:16.0960 4728 vwififlt - ok
02:07:16.0964 4728 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
02:07:16.0966 4728 vwifimp - ok
02:07:16.0974 4728 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
02:07:16.0978 4728 W32Time - ok
02:07:16.0983 4728 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
02:07:16.0986 4728 WacomPen - ok
02:07:16.0990 4728 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
02:07:16.0993 4728 WANARP - ok
02:07:16.0996 4728 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
02:07:16.0998 4728 Wanarpv6 - ok
02:07:17.0017 4728 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
02:07:17.0032 4728 wbengine - ok
02:07:17.0038 4728 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
02:07:17.0042 4728 WbioSrvc - ok
02:07:17.0050 4728 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
02:07:17.0055 4728 wcncsvc - ok
02:07:17.0060 4728 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:07:17.0063 4728 WcsPlugInService - ok
02:07:17.0067 4728 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
02:07:17.0069 4728 Wd - ok
02:07:17.0080 4728 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
02:07:17.0086 4728 Wdf01000 - ok
02:07:17.0090 4728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
02:07:17.0095 4728 WdiServiceHost - ok
02:07:17.0098 4728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
02:07:17.0101 4728 WdiSystemHost - ok
02:07:17.0107 4728 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
02:07:17.0112 4728 WebClient - ok
02:07:17.0120 4728 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
02:07:17.0124 4728 Wecsvc - ok
02:07:17.0129 4728 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
02:07:17.0133 4728 wercplsupport - ok
02:07:17.0137 4728 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
02:07:17.0141 4728 WerSvc - ok
02:07:17.0145 4728 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
02:07:17.0147 4728 WfpLwf - ok
02:07:17.0151 4728 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
02:07:17.0154 4728 WimFltr - ok
02:07:17.0157 4728 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
02:07:17.0160 4728 WIMMount - ok
02:07:17.0162 4728 WinDefend - ok
02:07:17.0169 4728 WinHttpAutoProxySvc - ok
02:07:17.0181 4728 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
02:07:17.0184 4728 Winmgmt - ok
02:07:17.0234 4728 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
02:07:17.0252 4728 WinRM - ok
02:07:17.0269 4728 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
02:07:17.0279 4728 Wlansvc - ok
02:07:17.0284 4728 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:07:17.0286 4728 wlcrasvc - ok
02:07:17.0315 4728 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:07:17.0333 4728 wlidsvc - ok
02:07:17.0338 4728 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
02:07:17.0339 4728 WmiAcpi - ok
02:07:17.0347 4728 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
02:07:17.0349 4728 wmiApSrv - ok
02:07:17.0352 4728 WMPNetworkSvc - ok
02:07:17.0357 4728 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
02:07:17.0361 4728 WPCSvc - ok
02:07:17.0366 4728 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
02:07:17.0370 4728 WPDBusEnum - ok
02:07:17.0374 4728 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
02:07:17.0376 4728 ws2ifsl - ok
02:07:17.0381 4728 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
02:07:17.0385 4728 wscsvc - ok
02:07:17.0388 4728 WSearch - ok
02:07:17.0420 4728 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
02:07:17.0442 4728 wuauserv - ok
02:07:17.0447 4728 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
02:07:17.0450 4728 WudfPf - ok
02:07:17.0456 4728 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
02:07:17.0459 4728 WUDFRd - ok
02:07:17.0463 4728 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
02:07:17.0466 4728 wudfsvc - ok
02:07:17.0473 4728 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
02:07:17.0478 4728 WwanSvc - ok
02:07:17.0514 4728 [ 118C018DF1C53B94F8C06D2CABBBDA52 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
02:07:17.0534 4728 ZeroConfigService - ok
02:07:17.0545 4728 ================ Scan global ===============================
02:07:17.0552 4728 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:07:17.0671 4728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
02:07:17.0691 4728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
02:07:17.0697 4728 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:07:17.0706 4728 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:07:17.0710 4728 [Global] - ok


02:07:17.0711 4728 ================ Scan MBR ==================================
02:07:17.0713 4728 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
02:07:17.0901 4728 \Device\Harddisk0\DR0 - ok
02:07:17.0905 4728 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
02:07:17.0908 4728 \Device\Harddisk1\DR1 - ok
02:07:17.0909 4728 ================ Scan VBR ==================================
02:07:17.0912 4728 [ 4B36DD56D0EFE20A18ABC0DFC318295B ] \Device\Harddisk0\DR0\Partition1
02:07:17.0915 4728 \Device\Harddisk0\DR0\Partition1 - ok
02:07:17.0920 4728 [ 03FB54D3C2EE2A8C5C894014DB1DDE47 ] \Device\Harddisk0\DR0\Partition2
02:07:17.0921 4728 \Device\Harddisk0\DR0\Partition2 - ok
02:07:17.0922 4728 ============================================================
02:07:17.0922 4728 Scan finished
02:07:17.0922 4728 ============================================================
02:07:17.0931 3472 Detected object count: 0
02:07:17.0931 3472 Actual detected object count: 0

 

[Broni]

Good.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[JamesPCNoob]

Broni, Find below Combofix log

ComboFix 14-01-04.03 - Leong 05/01/2014 19:28:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.8074.3201 [GMT 3:00]
Running from: c:\users\Leong\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2013-12-05 to 2014-01-05 )))))))))))))))))))))))))))))))
.
.
2014-01-05 16:34 . 2014-01-05 16:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-05 16:34 . 2014-01-05 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-05 02:44 . 2014-01-05 02:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E066999-CB71-4D87-848E-1197B87DAA67}\offreg.dll
2014-01-05 02:41 . 2013-12-15 22:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E066999-CB71-4D87-848E-1197B87DAA67}\mpengine.dll
2014-01-04 21:10 . 2014-01-04 22:22 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-04 21:10 . 2014-01-04 21:52 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 21:09 . 2014-01-04 21:09 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-04 20:59 . 2014-01-04 20:59 7680 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys.bak
2014-01-04 20:58 . 2014-01-04 20:58 82944 ----a-w- c:\windows\system32\drivers\ipfltdrv.sys.bak
2014-01-04 20:57 . 2014-01-04 20:57 23040 ----a-w- c:\windows\system32\drivers\asyncmac.sys.bak
2014-01-03 19:01 . 2014-01-03 19:01 -------- d-----w- C:\Emergency
2014-01-03 18:17 . 2014-01-03 19:01 -------- d-----w- c:\windows\SMINST
2014-01-03 14:27 . 2014-01-03 14:28 -------- d-----w- c:\program files (x86)\HD Tune
2014-01-03 14:21 . 2014-01-03 14:21 -------- d-----w- c:\program files\HitmanPro
2014-01-03 14:05 . 2014-01-03 14:44 -------- d-----w- c:\programdata\HitmanPro
2014-01-03 09:00 . 2014-01-03 09:00 -------- d-----w- c:\program files (x86)\dumps
2014-01-03 08:59 . 2014-01-04 16:32 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-01-03 08:51 . 2014-01-03 08:51 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-03 08:51 . 2014-01-03 08:50 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-03 08:51 . 2014-01-03 08:50 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-03 08:51 . 2014-01-03 08:50 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-03 08:51 . 2014-01-03 08:50 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-03 08:51 . 2014-01-03 08:50 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-03 08:50 . 2014-01-03 08:50 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-03 08:50 . 2014-01-03 08:50 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-03 08:50 . 2014-01-03 08:50 43152 ----a-w- c:\windows\avastSS.scr
2014-01-03 08:50 . 2014-01-03 08:50 -------- d-----w- c:\program files\AVAST Software
2014-01-03 08:49 . 2014-01-03 08:49 -------- d-----w- c:\program files (x86)\Opera
2014-01-03 08:48 . 2014-01-03 08:49 -------- d-----w- c:\programdata\AVAST Software
2014-01-03 08:47 . 2014-01-03 08:47 -------- d-----w- c:\program files (x86)\PANDORA.TV
2014-01-03 08:47 . 2014-01-03 08:47 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2014-01-03 08:46 . 2014-01-03 08:47 -------- d-----w- c:\program files (x86)\The KMPlayer
2014-01-03 08:46 . 2014-01-03 08:46 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-01-03 08:46 . 2014-01-03 08:46 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-01-03 08:43 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-01-03 08:37 . 2014-01-03 08:38 8537680 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2014-01-03 08:33 . 2014-01-03 08:33 -------- d-----w- c:\programdata\Malwarebytes
2014-01-03 08:33 . 2014-01-03 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-03 08:33 . 2013-04-04 11:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-03 08:32 . 2014-01-03 08:34 -------- d-----w- c:\program files (x86)\Google
2014-01-03 08:30 . 2014-01-03 08:30 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2014-01-03 08:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-01-03 08:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-01-03 08:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-01-03 08:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-01-03 08:17 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-01-03 08:17 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-01-03 08:16 . 2014-01-03 08:26 -------- d-----w- c:\users\Leong
2013-12-13 11:03 . 2014-01-05 15:47 -------- d-----w- c:\program files (x86)\Steam
2013-12-13 11:03 . 2014-01-03 08:47 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-03 09:59 . 2012-09-14 10:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-03 09:59 . 2012-09-14 10:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-03 08:19 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-26 09:25 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-03-06 577024]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2014-01-03 295512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-03 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0251651388853532mcinstcleanup;McAfee Application Installer Cleanup (0251651388853532);c:\windows\TEMP\025165~1.EXE;c:\windows\TEMP\025165~1.EXE [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 SmbDrvAMDASF;SmbDrvAMDASF;c:\windows\system32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys;c:\windows\SYSNATIVE\DRIVERS\hswpan.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12557228
*Deregistered* - 12557228
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-03 08:34 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 09:59]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03 08:32]
.
2014-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03 08:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-03 08:50 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-30 6469736]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-12 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-12 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-12 440128]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=ae&l=ar&s=gen
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 172.20.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-05 19:37:00
ComboFix-quarantined-files.txt 2014-01-05 16:37
.
Pre-Run: 421,145,587,712 bytes free
Post-Run: 421,392,265,216 bytes free
.
- - End Of File - - C9CF4B42BD1838A708EE051BC47E2187

 

[Broni]

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[JamesPCNoob]

Broni, Thank you for the help. Here's the Adwcleaner log

# AdwCleaner v3.016 - Report created 05/01/2014 at 23:51:56
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Leong - LEONG-PC
# Running from : C:\Users\Leong\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_steam_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Leong\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1151 octets] - [05/01/2014 23:50:50]
AdwCleaner[S0].txt - [1082 octets] - [05/01/2014 23:51:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1142 octets] ##########

 

[JamesPCNoob]

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Leong on Mon 06/01/2014 at 0:02:20.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/01/2014 at 0:10:10.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[JamesPCNoob]

OTL.txt 1/2

OTL logfile created on: 6/1/2014 12:11:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leong\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

7.89 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.61% Memory free
15.77 Gb Paging File | 13.68 Gb Available in Paging File | 86.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.47 Gb Total Space | 392.22 Gb Free Space | 87.65% Space Free | Partition Type: NTFS

Computer Name: LEONG-PC | User Name: Leong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/06 00:02:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leong\Downloads\OTL.exe
PRC - [2014/01/03 11:50:42 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/03 11:50:42 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/03 11:46:24 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/11/12 10:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
PRC - [2013/07/08 10:42:38 | 001,798,696 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/17 02:57:12 | 000,701,952 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
PRC - [2012/05/17 02:57:10 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SysWOW64\irstrtsv.exe
PRC - [2012/03/27 16:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/03/27 16:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/03/07 01:28:30 | 000,577,024 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2012/02/27 12:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/25 17:44:54 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/16 20:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/02/02 00:44:12 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/02/02 00:44:12 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/02/02 00:43:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/01/28 00:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/27 05:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/27 05:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/11/30 04:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/30 04:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/03 13:59:48 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\613ca3fba5bbcf6e9346170c9c2e4e65\System.WorkflowServices.ni.dll
MOD - [2014/01/03 13:58:58 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\01a1449b79d76e7cf39438cdd55cefbf\System.ServiceModel.Web.ni.dll
MOD - [2014/01/03 13:58:51 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll
MOD - [2014/01/03 13:57:01 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2014/01/03 13:56:05 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
MOD - [2014/01/03 13:56:01 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\92422bb40324d57ccd11c1cd9d50d8cf\System.IdentityModel.ni.dll
MOD - [2014/01/03 13:56:00 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
MOD - [2014/01/03 13:55:57 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6294f61f25c953212b92b7e13a0fd9c1\SMDiagnostics.ni.dll
MOD - [2014/01/03 13:55:55 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64ef7169e1266b6a98131b82bddd234b\System.ServiceModel.ni.dll
MOD - [2014/01/03 11:50:44 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2012/09/14 15:08:38 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/09/14 14:06:09 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\05952a05bfe288195ee43bb8c7f99e5b\IAStorUtil.ni.dll
MOD - [2012/09/14 14:06:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f172030132db9ec55c1f3ced218f6d6c\IAStorCommon.ni.dll
MOD - [2012/09/14 13:47:49 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2012/09/14 13:47:42 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2012/09/14 13:47:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2012/09/14 13:47:31 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2012/09/14 13:47:22 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012/09/14 13:47:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012/09/14 13:47:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012/09/14 13:47:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012/09/14 13:47:11 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2012/09/14 13:38:38 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2012/09/14 13:38:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012/01/27 05:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/21 06:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/03 11:50:42 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/29 15:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/03/29 15:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/03/29 15:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/03/29 15:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/01/18 00:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/11 05:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/01/09 20:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/05/19 00:31:14 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/03 12:59:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 22:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/11/12 10:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/07/08 10:42:48 | 001,922,600 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/12 14:28:10 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/05/17 02:57:10 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/03/27 16:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/03/27 16:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/03/27 16:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/03/16 13:06:04 | 002,439,272 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/02/29 16:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/26 09:27:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/25 17:44:54 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/16 20:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2012/02/02 00:44:12 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/02 00:44:12 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/02 00:43:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/30 04:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/26 04:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/19 00:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/05 00:09:52 | 000,089,304 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/01/03 11:51:57 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/03 11:50:47 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/03 11:50:47 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/03 11:50:47 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/03 11:50:47 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/03 11:50:47 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/03 11:50:46 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/14 14:54:02 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/09/14 14:53:55 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/09/14 14:53:55 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/11 00:32:02 | 000,425,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/07/11 00:32:00 | 000,024,888 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012/07/11 00:32:00 | 000,024,888 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrvAMDASF)
DRV:64bit: - [2012/06/07 22:49:08 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/05/17 02:57:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/03/21 19:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/03/16 13:06:06 | 000,340,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/13 01:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/29 01:59:50 | 000,034,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/02/29 01:59:50 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/02/27 12:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 12:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 12:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/26 10:42:26 | 000,398,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012/02/26 09:27:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/02/13 17:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/02/13 16:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/02/02 00:43:56 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/01/27 18:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\hswpan.sys -- (hswpan)
DRV:64bit: - [2012/01/09 20:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 20:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/01/04 02:04:52 | 000,067,184 | ---- | M] (STMicroelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ST_ACCEL.sys -- (ST_ACCEL)
DRV:64bit: - [2011/12/07 05:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/30 05:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/30 04:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/16 07:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/16 22:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 06:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9F38D98D-E04A-45E5-A41C-08EC61AFAEE9}
IE:64bit: - HKLM\..\SearchScopes\{9F38D98D-E04A-45E5-A41C-08EC61AFAEE9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9F38D98D-E04A-45E5-A41C-08EC61AFAEE9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-994249627-1979807694-3722736761-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=ae&l=ar&s=gen
IE - HKU\S-1-5-21-994249627-1979807694-3722736761-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-994249627-1979807694-3722736761-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/01/03 11:48:06 | 000,000,000 | ---D | M]

 

[JamesPCNoob]

OTL.txt 2/2

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Leong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: avast! Online Security = C:\Users\Leong\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: RealDownloader = C:\Users\Leong\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Users\Leong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Leong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-994249627-1979807694-3722736761-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-994249627-1979807694-3722736761-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-994249627-1979807694-3722736761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0078F24E-9339-444C-9997-6AAABD586D9A}: DhcpNameServer = 172.20.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DCD3E1F-BCA1-4352-936B-0E238B228057}: DhcpNameServer = 172.20.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/06 00:02:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/05 23:50:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/05 19:37:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/05 19:37:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/05 19:27:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/05 19:27:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/05 19:27:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/05 19:27:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/05 19:27:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/05 00:09:52 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/05 00:08:11 | 000,000,000 | ---D | C] -- C:\Users\Leong\Desktop\mbar
[2014/01/05 00:00:20 | 000,425,272 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014/01/05 00:00:19 | 000,067,184 | ---- | C] (STMicroelectronics) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys.bak
[2014/01/05 00:00:17 | 000,022,128 | ---- | C] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys.bak
[2014/01/05 00:00:14 | 000,024,888 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys.bak
[2014/01/05 00:00:13 | 000,024,888 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys.bak
[2014/01/05 00:00:04 | 000,646,248 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/04 23:59:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2014/01/04 23:59:10 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/04 23:58:46 | 000,109,056 | ---- | C] (Ozmo Inc) -- C:\Windows\SysNative\drivers\hswpan.sys.bak
[2014/01/04 23:58:40 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/04 23:57:56 | 000,195,584 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AmpPal.sys.bak
[2014/01/04 23:57:55 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/04 23:56:23 | 000,000,000 | ---D | C] -- C:\Users\Leong\Desktop\RK_Quarantine
[2014/01/03 22:01:39 | 000,000,000 | ---D | C] -- C:\Emergency
[2014/01/03 21:17:53 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2014/01/03 19:11:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/01/03 17:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2014/01/03 17:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2014/01/03 17:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/01/03 17:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/03 15:19:14 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\ElevatedDiagnostics
[2014/01/03 12:20:36 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2014/01/03 12:12:38 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Adobe
[2014/01/03 12:08:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/01/03 12:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2014/01/03 11:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2014/01/03 11:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014/01/03 11:52:08 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\AVAST Software
[2014/01/03 11:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/03 11:51:14 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/03 11:51:09 | 001,034,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/03 11:51:06 | 000,422,216 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/03 11:51:01 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/03 11:50:59 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/03 11:50:57 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/03 11:50:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/03 11:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/03 11:49:23 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Opera Software
[2014/01/03 11:49:22 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Opera Software
[2014/01/03 11:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/01/03 11:49:00 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\RealNetworks
[2014/01/03 11:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/01/03 11:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV
[2014/01/03 11:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2014/01/03 11:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PANDORA.TV
[2014/01/03 11:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/01/03 11:47:25 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2014/01/03 11:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2014/01/03 11:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2014/01/03 11:46:27 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/01/03 11:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2014/01/03 11:45:40 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Real
[2014/01/03 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/01/03 11:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/03 11:33:38 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Malwarebytes
[2014/01/03 11:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/03 11:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/03 11:33:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/03 11:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/03 11:32:58 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Programs
[2014/01/03 11:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/01/03 11:32:30 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Google
[2014/01/03 11:31:53 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Apps
[2014/01/03 11:31:51 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Deployment
[2014/01/03 11:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2014/01/03 11:29:10 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Macromedia
[2014/01/03 11:29:03 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Adobe
[2014/01/03 11:27:27 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Creative
[2014/01/03 11:27:25 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Intel Corporation
[2014/01/03 11:27:23 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Leadertech
[2014/01/03 11:26:53 | 000,000,000 | R--D | C] -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/01/03 11:26:53 | 000,000,000 | R--D | C] -- C:\Users\Leong\Searches
[2014/01/03 11:26:53 | 000,000,000 | R--D | C] -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/01/03 11:26:52 | 000,000,000 | -H-D | C] -- C:\Users\Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/01/03 11:26:35 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Identities
[2014/01/03 11:26:29 | 000,000,000 | R--D | C] -- C:\Users\Leong\Contacts
[2014/01/03 11:26:24 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\VirtualStore
[2014/01/03 11:23:01 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Absolute_Software
[2014/01/03 11:17:53 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Intel
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\AppData\Local\Temporary Internet Files
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Templates
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Start Menu
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\SendTo
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Recent
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\PrintHood
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\NetHood
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Documents\My Videos
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Documents\My Pictures
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Documents\My Music
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\My Documents
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Local Settings
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\AppData\Local\History
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Cookies
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\Application Data
[2014/01/03 11:17:07 | 000,000,000 | -HSD | C] -- C:\Users\Leong\AppData\Local\Application Data
[2014/01/03 11:16:58 | 000,000,000 | --SD | C] -- C:\Users\Leong\AppData\Roaming\Microsoft
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Videos
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Saved Games
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Pictures
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Music
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Links
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Favorites
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Downloads
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Documents
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\Desktop
[2014/01/03 11:16:58 | 000,000,000 | R--D | C] -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/01/03 11:16:58 | 000,000,000 | -H-D | C] -- C:\Users\Leong\AppData
[2014/01/03 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Temp
[2014/01/03 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\SoftThinks
[2014/01/03 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\Leong\Roaming
[2014/01/03 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Local\Microsoft
[2014/01/03 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\Leong\AppData\Roaming\Media Center Programs
[2013/12/13 14:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/12/13 14:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real

========== Files - Modified Within 30 Days ==========

[2014/01/06 00:04:37 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 00:04:37 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/05 23:57:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/05 23:56:58 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/05 23:55:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/05 23:54:54 | 2054,926,335 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 22:56:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/05 02:06:54 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Leong\Desktop\TDSSKiller.exe
[2014/01/05 00:09:52 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/05 00:00:20 | 000,425,272 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys.bak
[2014/01/05 00:00:19 | 000,067,184 | ---- | M] (STMicroelectronics) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys.bak
[2014/01/05 00:00:17 | 000,022,128 | ---- | M] (ST Microelectronics) -- C:\Windows\SysNative\drivers\stdcfltn.sys.bak
[2014/01/05 00:00:14 | 000,024,888 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys.bak
[2014/01/05 00:00:14 | 000,024,888 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys.bak
[2014/01/05 00:00:04 | 000,646,248 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2014/01/04 23:59:12 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2014/01/04 23:59:10 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/04 23:58:52 | 014,760,096 | ---- | M] () -- C:\Windows\SysNative\drivers\igdkmd64.sys.bak
[2014/01/04 23:58:47 | 000,109,056 | ---- | M] (Ozmo Inc) -- C:\Windows\SysNative\drivers\hswpan.sys.bak
[2014/01/04 23:58:40 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/04 23:57:57 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AmpPal.sys.bak
[2014/01/04 23:57:55 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/04 19:34:18 | 000,007,460 | ---- | M] () -- C:\Users\Leong\AppData\Roaming\AbsoluteReminder.xml
[2014/01/03 19:11:20 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat
[2014/01/03 18:15:10 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/01/03 18:15:10 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/01/03 16:55:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/01/03 12:41:59 | 000,778,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/03 12:41:59 | 000,647,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/03 12:41:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/03 11:51:57 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/03 11:50:47 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/03 11:50:47 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/03 11:50:47 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/03 11:50:47 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/03 11:50:47 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/03 11:50:47 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/03 11:50:46 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/03 11:50:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/03 11:46:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2014/01/03 11:36:04 | 000,002,281 | ---- | M] () -- C:\Users\Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/03 11:27:56 | 000,001,439 | ---- | M] () -- C:\Users\Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2014/01/05 19:27:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/05 19:27:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/05 19:27:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/05 19:27:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/05 19:27:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/04 23:58:51 | 014,760,096 | ---- | C] () -- C:\Windows\SysNative\drivers\igdkmd64.sys.bak
[2014/01/03 19:11:20 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat
[2014/01/03 18:11:45 | 2054,926,335 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/03 16:55:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/01/03 11:51:11 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/03 11:51:10 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/03 11:49:15 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/01/03 11:35:41 | 000,002,281 | ---- | C] () -- C:\Users\Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/03 11:33:12 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/03 11:33:06 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/03 11:27:55 | 000,001,439 | ---- | C] () -- C:\Users\Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/03 11:27:02 | 000,001,411 | ---- | C] () -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/01/03 11:26:55 | 000,001,445 | ---- | C] () -- C:\Users\Leong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/03 11:23:00 | 000,007,460 | ---- | C] () -- C:\Users\Leong\AppData\Roaming\AbsoluteReminder.xml
[2014/01/03 11:19:32 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2014/01/03 11:16:58 | 000,000,290 | ---- | C] () -- C:\Users\Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/01/03 11:16:58 | 000,000,272 | ---- | C] () -- C:\Users\Leong\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/14 14:38:51 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/09/14 14:38:49 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/09/14 14:38:45 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/09/14 14:38:43 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012/02/25 17:45:12 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/11 04:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012/09/14 14:54:03 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/09/14 14:54:03 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/03 11:52:08 | 000,000,000 | ---D | M] -- C:\Users\Leong\AppData\Roaming\AVAST Software
[2014/01/03 11:27:25 | 000,000,000 | ---D | M] -- C:\Users\Leong\AppData\Roaming\Leadertech
[2014/01/03 11:49:22 | 000,000,000 | ---D | M] -- C:\Users\Leong\AppData\Roaming\Opera Software

========== Purity Check ==========



< End of report >

 

[JamesPCNoob]

Extras.txt

OTL Extras logfile created on: 6/1/2014 12:11:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leong\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

7.89 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 76.61% Memory free
15.77 Gb Paging File | 13.68 Gb Available in Paging File | 86.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.47 Gb Total Space | 392.22 Gb Free Space | 87.65% Space Free | Partition Type: NTFS

Computer Name: LEONG-PC | User Name: Leong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_USERS\S-1-5-21-994249627-1979807694-3722736761-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095AEDF8-DBA8-4C74-9EAA-6D3C62A8C1F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{097A8A2E-2419-414E-B06C-416A1F9536C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F36E9AE-0933-4BC2-AFD5-9F3F30D8F12F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FCB05B1-7C8A-4D10-AB5D-CCB9DB243920}" = rport=138 | protocol=17 | dir=out | app=system |
"{4D9DCE2B-DA7D-4B9C-9958-96B47BA164C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{50BA1F1E-DD34-443B-81BD-E7B35488223B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{583AF363-8BBD-417F-A47D-4DE276127523}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FC57B53-160E-44C5-8B79-FE587B4F763B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70473B4C-7D03-4AF9-9449-0A4609E564DC}" = lport=445 | protocol=6 | dir=in | app=system |
"{71B6FE0F-FEAD-47DF-8C9E-48A8C86CB135}" = lport=139 | protocol=6 | dir=in | app=system |
"{71C18FDF-1DEA-41F1-A811-CFE08AA53DC5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7992880A-76FF-4F49-82C2-BEA4B4B90276}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{873599FB-C3C6-49D3-9554-F6F728366A28}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5B56606-4989-445D-84A7-821F38897624}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4CAF2EF-24F5-4C6C-BF00-B2D9D68F9236}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC103FE2-26C0-4069-B469-0BA1B77DCB6C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D46680E8-26DB-4290-A62A-1BA64C7598BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{E04B4B29-55E2-487F-9A84-AFDD47D498EA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2F8B13A-BB0F-42CD-8A25-0925C4D75C7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4720CD1-F00C-4C33-8905-CFD668C5FFF0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F944F007-7AD1-4BA8-BA6F-A62A8A2ECA37}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FA2E4813-B6B6-4F8E-B769-34A4229DACD8}" = rport=137 | protocol=17 | dir=out | app=system |
"{FCEC77F7-CBEE-495F-B920-D99C1F6A7AC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14618AE2-3C11-4222-8119-F0E2DEC390DF}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{20281473-5A9F-4E05-A575-D576D057C8FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{28815960-856A-407B-BACD-608CEB8F2A58}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{2B21A1A0-DC66-47F4-8DA7-1E10941AF59D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{304CEA83-BF25-4610-91C9-57566629B50B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{422E9C2F-D182-499E-B259-7659C49CDCE2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50BB91AC-6187-4D81-B6F8-312A1CDE1EE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51A5A08E-0DF4-47CF-91CF-9BDC6CA3FE0F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{55E00620-243B-45AD-8B2E-5A1569183386}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{575E2D42-D03D-43E3-AADC-CBB635390B12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57FFE9F9-17E8-402D-A42F-A38074932D93}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{5CA53611-DF85-4698-A583-79FFE6B58A5B}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{64906644-25BC-44A4-A4D2-BB2A25179AFF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{65966D44-B8E3-4B8D-AEC1-D4EDE089AE72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{668BB75D-8AE3-4E72-997C-F8AA8D74C7F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{6C9BAA9A-4BCC-4B64-A70A-BD91F70397BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7042D449-5650-4800-82AD-C3E7B7A45487}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7459966B-2A28-49F2-B34F-7AC42CF5C5D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75335DC1-12B2-4163-A379-397769E71DA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81F67035-71B6-4EB0-8B58-3D91660119DF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C5556AE-05AB-4CEA-8E84-03F5312A7A88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{966641D4-2BE6-42CB-BE47-3FB2DB6F01D7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{97CFBD49-9074-4DAA-966F-E1FEE301D1EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98A8999E-FC1A-4264-A605-4D18ED8A38FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{996880AC-362E-4410-91DF-B42D0FAA1E22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A82191B2-DBEC-4744-8632-010E828AD551}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ADBEF985-5565-4CF3-9C3C-27CBA0252559}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AEBADA42-4A63-412B-944B-67E035492E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\kmpprocess.exe |
"{AFFC363E-187B-46BF-8A8B-3D2FD7714F26}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7C9D993-4D7F-4B19-BBAD-F5B3C5B93254}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C3E08024-E23B-4F98-BB4C-1750180DF3BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C92AB851-54C6-4A57-8A90-53CC8E7E07A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CC3E1C76-5FE1-49BB-870B-D7E7C85278DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDE85DE1-1575-4B9C-A35A-53A0FCF31DFD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D63AEE6E-3685-41BB-AC37-91BD6271B36A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DB2C227B-2C26-4B05-B803-56BA4AAD7312}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DC5958E2-CA02-44C4-A439-0E74ADEBA0C1}" = protocol=6 | dir=out | app=system |
"{F949F408-EB5D-42FB-A2C0-2C1DF105A1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{FDC49B58-1BB6-4A59-A1B7-078ED9E7CE13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel(R) Wireless Music device driver
"{4E4282C3-F66E-4852-837A-7675527178C2}" = Intel(R) WiDi
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{B96348BD-6B0D-42E3-80B1-FA6718067BFE}" = Dell Digital Delivery
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = KMP Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avast" = avast! Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 18.0.1284.68" = Opera Stable 18.0.1284.68
"RealPlayer 16.0" = RealPlayer
"Steam App 570" = Dota 2
"The KMPlayer" = The KMPlayer (remove only)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-994249627-1979807694-3722736761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 5/1/2014 5:12:38 PM | Computer Name = Leong-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 5/1/2014 5:12:38 PM | Computer Name = Leong-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 5/1/2014 5:12:38 PM | Computer Name = Leong-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 5/1/2014 5:13:09 PM | Computer Name = Leong-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 5/1/2014 5:13:09 PM | Computer Name = Leong-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 5/1/2014 5:13:09 PM | Computer Name = Leong-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Click on "Run ESET Online Scanner" button.
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[JamesPCNoob]

Hi. This is the OTL log

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Leong
->Temp folder emptied: 2219814 bytes
->Temporary Internet Files folder emptied: 1120845 bytes
->Google Chrome cache emptied: 385441883 bytes
->Flash cache emptied: 3311 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7075708 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11287119 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 388.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Leong

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Leong
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062014_213142

Files\Folders moved on Reboot...
C:\Users\Leong\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[JamesPCNoob]

This is from SecurityCheck

Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

 

[JamesPCNoob]

Farbar Service Scanner:

Farbar Service Scanner Version: 05-12-2013
Ran by Leong (administrator) on 06-01-2014 at 21:54:43
Running from "C:\Users\Leong\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****