OTL logfile created on: 8/19/2013 11:35:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zewolfe\Desktop\_SPECIAL_PROJECTS_\Security Tools\_Malware tools and reports\Malware progs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 34.08% Memory free
15.72 Gb Paging File | 10.41 Gb Available in Paging File | 66.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.47 Gb Total Space | 454.31 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive H: | 7.28 Gb Total Space | 0.01 Gb Free Space | 0.08% Space Free | Partition Type: NTFS

Computer Name: BANDERET2 | User Name: Zewolfe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/19 11:24:01 | 001,564,672 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2013/08/17 08:44:26 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/07 08:30:50 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/08/04 14:45:34 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot\SDFSSvc.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/01/03 21:38:00 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/10/05 14:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zewolfe\Desktop\_SPECIAL_PROJECTS_\Security Tools\_Malware tools and reports\Malware progs\OTL.exe
PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/03/28 06:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/02/09 09:24:58 | 003,074,624 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
PRC - [2012/02/09 09:24:58 | 000,676,416 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
PRC - [2012/01/27 15:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 20:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/19 05:36:57 | 001,075,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\852636470bd3fbaba6cff6230e90eaaa\System.ServiceModel.Web.ni.dll
MOD - [2013/08/19 05:35:39 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\42906f66c63887b2f1b140eb1ea73919\System.IdentityModel.ni.dll
MOD - [2013/08/19 05:35:36 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\44695c46bbf1cef284a210664a03043e\System.ServiceModel.ni.dll
MOD - [2013/08/19 05:35:23 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\0d908b16e41ff0cbd3ddd6f6facd7817\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/08/19 05:35:21 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2f2b1bc379cd38841f05399944927d8f\IAStorCommon.ni.dll
MOD - [2013/08/19 05:34:57 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a3b23c37c111913b6fb7f9ca7b0195d9\IAStorUtil.ni.dll
MOD - [2013/08/19 05:34:54 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\72227d58a04b80252053352dead3b9a3\System.ServiceModel.Internals.ni.dll
MOD - [2013/08/19 05:34:54 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\176ea254700896ee68956986b947ea9b\SMDiagnostics.ni.dll
MOD - [2013/08/19 05:34:53 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a46953d62d9923cfd393cb102df2e6ad\System.Runtime.Serialization.ni.dll
MOD - [2013/08/19 04:59:37 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5f27b142c87d877c73ac245ab951a773\System.Windows.Forms.ni.dll
MOD - [2013/08/19 04:59:37 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013/08/19 04:59:34 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a35e871c52b7a7aee64c969c02acfaa0\System.Core.ni.dll
MOD - [2013/08/19 04:59:32 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2fd755147672c80dd4b13978933f8a3d\System.Configuration.ni.dll
MOD - [2013/08/19 04:59:30 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll
MOD - [2013/08/19 04:59:28 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013/08/19 04:59:23 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/08/17 08:44:26 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/08/07 08:30:51 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013/08/07 08:30:51 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/08/07 08:30:51 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/08/04 14:45:33 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/27 02:21:46 | 001,589,248 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\DSpellCheck.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot\DEC150.bpl
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/02/06 09:56:17 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
MOD - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/11/22 11:16:48 | 000,081,920 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxjson_CW.dll
MOD - [2011/11/22 11:16:38 | 001,216,512 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxcurl_CW.dll
MOD - [2011/11/22 11:14:20 | 000,975,872 | ---- | M] () -- C:\Windows\SysWOW64\libxml2_CW.dll
MOD - [2011/11/22 11:09:30 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\libexpat.dll
MOD - [2011/11/22 10:51:56 | 002,916,352 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_core_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 001,236,992 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 000,716,800 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_adv_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 000,499,712 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_html_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 000,135,168 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_xml_vc_CW.dll
MOD - [2011/09/21 14:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/18 15:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2010/11/20 21:52:47 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll
MOD - [2010/11/20 21:52:31 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll
MOD - [2010/11/20 21:51:14 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\System.IdentityModel.ni.dll
MOD - [2010/11/20 21:51:12 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e2642bff810609f64343e53dddb6b59c\System.ServiceModel.ni.dll
MOD - [2010/11/20 21:49:37 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll
MOD - [2010/11/20 21:49:37 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8218dc4808b77f3585fb048c61597af1\SMDiagnostics.ni.dll
MOD - [2010/11/20 21:49:35 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\70aac9dff3bdde548962557151c1ff49\System.Xml.Linq.ni.dll
MOD - [2010/11/20 21:49:32 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
MOD - [2010/11/20 21:49:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll
MOD - [2010/11/20 21:49:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010/11/20 21:49:02 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
MOD - [2010/11/20 21:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/20 21:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/20 21:48:40 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
MOD - [2010/11/20 21:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/20 21:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/20 21:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/20 21:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 21:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/08 16:49:16 | 000,174,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/05/06 08:45:48 | 000,018,152 | ---- | M] (Tenable Network Security, Inc) [Disabled | Stopped] -- C:\Program Files\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV:64bit: - [2013/04/11 10:30:50 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2012/09/05 13:40:42 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/08/23 16:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/08/23 16:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/08/23 16:04:00 | 000,629,040 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/08/23 16:03:14 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/08/23 13:39:38 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/07/18 00:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/05/30 13:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 19:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 19:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/08/17 08:44:26 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot\SDFSSvc.exe -- (SDScannerService)
SRV - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot\SDWSCSvc.exe -- (SDWSCService)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 19:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/13 03:02:15 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/03/28 06:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2012/02/09 09:24:58 | 003,074,624 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2011/12/21 19:33:40 | 001,104,208 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/21 19:33:38 | 001,304,912 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/21 19:33:34 | 001,014,096 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/13 19:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/26 13:42:00 | 000,046,816 | ---- | M] (Tenable Network Security, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NessusMp60.sys -- (NessusMp60)
DRV:64bit: - [2013/07/04 15:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/10 14:19:19 | 000,251,128 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pfmfs_853.sys -- (pfmfs_853)
DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/28 19:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/01/03 21:38:01 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/01/03 21:38:01 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/01/03 21:38:01 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/10/24 14:50:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/09/18 23:46:20 | 000,447,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/09/05 13:40:42 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 07:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/14 23:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/30 13:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/02/01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/14 13:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/12/13 10:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 03:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6F6B90A9-2C85-4A0F-81CA-7D9C0E4BB00F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6F6B90A9-2C85-4A0F-81CA-7D9C0E4BB00F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {877A4BFA-5235-4B0C-8D30-F1345A2FB43D}
IE - HKCU\..\SearchScopes\{877A4BFA-5235-4B0C-8D30-F1345A2FB43D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{CAC447BD-6F74-41CA-AAD5-F1B7824B400C}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.4
FF - prefs.js..extensions.enabledAddons: %7B7b1bf0b6-a1b9-42b0-b75d-252036438bdc%7D:6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/08/18 21:40:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/18 21:42:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/18 21:40:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/18 21:40:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 
Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/18 21:40:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/18 21:40:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/18 17:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Extensions [2013/08/18 22:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions [2013/08/18 22:07:00 | 000,000,000 | ---D | M] (Youtube High Definition) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc} [2013/08/17 08:34:25 | 000,002,109 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\garg_sms@yahoo.in.xpi [2013/08/17 08:32:48 | 000,169,523 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi [2013/08/17 08:38:51 | 000,004,525 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\youtubeunblocker@unblocker.yt.xpi [2013/08/17 08:58:04 | 000,017,472 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013/08/06 10:52:02 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi 
[2013/08/18 21:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/08/18 21:40:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013/02/08 16:46:38 | 000,000,901 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 localhost O2:[b]64bit:[/b] - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Public\Portable\BitComet_1.36\tools\bitcometbho.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:[b]64bit:[/b] - HKLM..\Run: [Keyboard Suite Daemon] C:\Windows\SysNative\xManager\PELKBD.EXE (PRIMAX) O4:[b]64bit:[/b] - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\SysNative\ico.exe (Primax Electronics Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [stayfocused2] C:\Program Files (x86)\Stayfocused\stayfocused.exe (Bytesignals) O4 - Startup: C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O8:[b]64bit:[/b] - Extra context menu item: &D&ownload &with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddLink.htm File not found 
O8:[b]64bit:[/b] - Extra context menu item: &D&ownload all with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddAllLink.htm File not found O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddLink.htm File not found O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddAllLink.htm File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Users\Public\Portable\BitComet_1.36\tools\bitcometbho.dll/206 File not found O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) 
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000024 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000025 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7972F88-35B7-4D16-B97D-75753058823A}: DhcpNameServer = 192.168.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F53F2CB8-A6E6-46E8-B13C-28A1C0F3459C}: DhcpNameServer = 192.168.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F53F2CB8-A6E6-46E8-B13C-28A1C0F3459C}: NameServer = 4.2.2.1,4.2.2.2 O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:[b]64bit:[/b] - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/08/10 06:57:07 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/08/19 11:24:01 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013/08/19 10:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/08/19 04:50:51 | 000,000,000 | -HSD | C] -- C:\Recovery [2013/08/18 23:23:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013/08/18 23:18:49 | 000,000,000 | ---D | C] -- C:\inetpub [2013/08/18 23:10:04 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q [2013/08/18 22:48:01 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR [2013/08/18 21:28:55 | 000,000,000 | --SD | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Videos [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Saved Games [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Pictures [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Music [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- 
C:\Users\Zewolfe\Links [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Favorites [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Downloads [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Documents [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Desktop [2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\AppData\Local\Temporary Internet Files [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Templates [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Start Menu [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\SendTo [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Recent [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\PrintHood [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\NetHood [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Documents\My Videos [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Documents\My Pictures [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Documents\My Music [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\My Documents [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Local Settings [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\AppData\Local\History [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Cookies [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Application Data [2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\AppData\Local\Application Data [2013/08/18 21:28:55 | 000,000,000 | -H-D | C] -- C:\Users\Zewolfe\AppData [2013/08/18 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\Temp [2013/08/18 21:28:55 | 000,000,000 | ---D | 
C] -- C:\Users\Zewolfe\AppData\Local\Microsoft [2013/08/18 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Media Center Programs [2013/08/18 21:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad [2013/08/18 21:26:41 | 006,100,480 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll [2013/08/18 21:26:41 | 001,821,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl [2013/08/18 21:26:41 | 001,008,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013/08/18 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\IDT [2013/08/18 21:26:32 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL [2013/08/18 21:26:32 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL [2013/08/18 21:25:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013/08/18 19:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magical Jelly Bean [2013/08/18 19:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder [2013/08/18 06:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UEFI Winflash [2013/08/18 06:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UEFI Winflash [2013/08/17 08:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/08/17 08:10:12 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Phoenix BIOS [2013/08/17 07:45:46 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\PCDr [2013/08/15 15:56:55 | 000,000,000 | ---D | C] -- C:\Windows\Favorites [2013/08/15 15:56:53 | 000,000,000 | ---D | C] -- C:\Windows\Profiles [2013/08/15 09:03:32 | 000,713,248 | ---- | C] (PortableApps.com) -- C:\Users\Zewolfe\Desktop\SMPlayer_Portable_MPlayer_Codec_Addon_1.1_online.paf.exe [2013/08/14 17:38:09 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Zewolfe\Desktop\dds.com [2013/08/14 13:13:35 | 000,000,000 | ---D | C] -- 
C:\Users\Zewolfe\Desktop\RMPrepUSB_Portable [2013/08/14 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\usb110511 [2013/08/12 19:13:04 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Audacity [2013/08/12 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\Win7-Setup [2013/08/12 12:11:50 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\Win7 [2013/08/11 07:21:16 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\WinRepair [2013/08/10 19:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2013/08/10 07:58:41 | 000,000,000 | ---D | C] -- C:\FRST [2013/08/10 07:23:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/08/10 06:55:49 | 000,000,000 | ---D | C] -- C:\Autoruns [2013/08/09 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\SecurityScans [2013/08/09 12:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2 [2013/08/09 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013/08/09 10:06:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/08/09 08:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013/08/08 13:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/08/08 13:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/08/08 13:02:39 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\ProcAlyzer Dumps [2013/08/08 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Malwarebytes [2013/08/08 07:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013/08/08 05:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/08/08 05:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot [2013/08/08 05:53:30 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013/08/08 05:53:21 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Spybot
[2013/08/07 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Dell
[2013/08/07 08:56:24 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Xirrus sidebar
[2013/08/07 08:54:32 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\games
[2013/08/07 08:44:32 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Thunderbird Email
[2013/08/07 08:35:14 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Backup of David's Computers
[2013/08/07 08:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/06 11:28:27 | 000,105,064 | ---- | C] (Algin Technology LLC) -- C:\Windows\SysWow64\ls.exe
[2013/08/06 11:28:27 | 000,090,624 | ---- | C] (GNU) -- C:\Windows\SysWow64\grep.exe
[2013/08/05 19:40:35 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\Programs
[2013/08/05 18:31:01 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\avidemux
[2013/08/05 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\VidCoder
[2013/08/04 21:37:45 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Emerge Desktop
[2013/08/04 20:41:30 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\stayfocused2
[2013/08/04 20:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stayfocused
[2013/08/04 20:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stayfocused
[2013/08/04 14:51:19 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/08/03 12:56:44 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Old Firefox Data
[2013/07/27 17:10:58 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\Microsoft_Corporation
[2013/07/26 13:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenable Network Security
[2013/07/26 13:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tenable
[2013/07/26 13:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nessus
[2013/07/26 13:42:00 | 000,046,816 | ---- | C] (Tenable Network Security, Inc.) -- C:\Windows\SysNative\drivers\NessusMp60.sys
[2013/07/26 10:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013/07/26 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013/07/25 10:10:23 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\.MakeMKV
[2013/07/24 13:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cwRsync
[2013/07/24 09:23:59 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\uGet
[2013/07/22 20:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Softland
[2013/07/22 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Softland
[2013/07/22 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup
[2013/07/22 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\.areca
[2013/07/22 18:14:14 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\.ipython
[2013/07/22 16:17:54 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Rafal
[2013/07/22 12:44:32 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\xVideoServiceThief
[2013/07/21 22:07:40 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Themes
[2013/07/21 21:11:08 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Arnaud_Dovi
[2013/07/21 21:09:46 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Duplicati

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/08/19 10:14:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:14:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:07:42 | 000,831,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/19 10:07:42 | 000,695,878 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/19 10:07:42 | 000,136,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/19 09:59:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/19 09:59:07 | 2034,970,623 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/19 04:57:52 | 000,824,328 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/19 04:54:15 | 000,001,443 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/19 04:51:28 | 000,001,236 | RHS- | M] () -- C:\Users\Zewolfe\ntuser.pol
[2013/08/19 01:38:26 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/08/19 01:38:26 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/08/19 01:11:13 | 000,022,840 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2013/08/19 01:03:12 | 000,434,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/18 21:27:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/08/18 21:27:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013/08/18 21:26:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/08/18 21:26:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/08/18 19:52:27 | 000,003,322 | ---- | M] () -- C:\Users\Zewolfe\Desktop\Windows Compatibility Report.htm
[2013/08/18 19:47:42 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/08/18 19:47:42 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/08/18 19:00:36 | 000,001,112 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2013/08/17 09:16:36 | 000,001,699 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\7zip.lnk
[2013/08/17 08:52:37 | 000,001,165 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/17 08:36:08 | 000,758,480 | ---- | M] () -- C:\Users\Zewolfe\Desktop\freecorder8-setup.exe
[2013/08/16 21:55:45 | 171,796,163 | ---- | M] () -- C:\Users\Zewolfe\Desktop\David_interview_at_JS.webm
[2013/08/14 20:26:26 | 000,016,252 | ---- | M] () -- C:\Users\Zewolfe\Desktop\Eddy Barillas.html
[2013/08/12 21:36:59 | 000,000,114 | RH-- | M] () -- C:\Users\Zewolfe\Desktop\Stinger.opt
[2013/08/09 18:16:55 | 000,003,566 | ---- | M] () -- C:\Users\Zewolfe\Documents\serge-logins.kdbx
[2013/08/09 17:46:53 | 000,000,187 | ---- | M] () -- C:\Users\Zewolfe\Documents\serge-logins.key
[2013/08/09 12:27:35 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2013/08/09 12:25:24 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2013/08/08 14:01:05 | 000,001,040 | ---- | M] () -- C:\Users\Zewolfe\Desktop\_SecTools.lnk
[2013/08/08 09:08:48 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/08/08 05:53:38 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/08/07 09:35:42 | 000,002,116 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/04 20:41:26 | 000,001,073 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Program.lnk
[2013/08/03 12:27:47 | 000,012,292 | -H-- | M] () -- C:\Users\Zewolfe\.DS_Store
[2013/08/03 09:25:27 | 000,000,016 | ---- | M] () -- C:\Users\Zewolfe\photorec.sig
[2013/07/26 13:42:00 | 000,046,816 | ---- | M] (Tenable Network Security, Inc.) -- C:\Windows\SysNative\drivers\NessusMp60.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/08/19 04:54:15 | 000,001,415 | ---- | C] () -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/08/19 04:53:58 | 000,001,449 | ---- | C] () -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/19 04:51:28 | 000,001,236 | RHS- | C] () -- C:\Users\Zewolfe\ntuser.pol
[2013/08/19 04:47:16 | 2034,970,623 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/18 21:28:55 | 000,000,290 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/18 21:28:55 | 000,000,272 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/18 21:28:30 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/08/18 21:28:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/08/18 21:28:17 | 000,824,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/18 21:27:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/08/18 21:27:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013/08/18 21:26:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/08/18 21:26:41 | 000,340,476 | ---- | C] () -- C:\Windows\SysNative\W92HDM6ASKULL.mps
[2013/08/18 21:26:41 | 000,077,704 | ---- | C] () -- C:\Windows\SysNative\W92HDM6A.mps
[2013/08/18 21:26:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/08/18 19:52:27 | 000,003,322 | ---- | C] () -- C:\Users\Zewolfe\Desktop\Windows Compatibility Report.htm
[2013/08/18 19:00:36 | 000,001,112 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2013/08/18 08:20:07 | 000,157,601 | ---- | C] () -- C:\Users\Zewolfe\Desktop\Ley del Instituto Hondureño de la Niñez y la Familia IHNFA (actualizada-07).pdf
[2013/08/18 08:13:00 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/08/18 08:13:00 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/08/17 09:16:36 | 000,001,699 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\7zip.lnk
[2013/08/17 08:36:25 | 000,758,480 | ---- | C] () -- C:\Users\Zewolfe\Desktop\freecorder8-setup.exe
[2013/08/16 12:24:18 | 171,796,163 | ---- | C] () -- C:\Users\Zewolfe\Desktop\David_interview_at_JS.webm
[2013/08/14 20:26:26 | 000,016,252 | ---- | C] () -- C:\Users\Zewolfe\Desktop\Eddy Barillas.html
[2013/08/14 13:05:46 | 006,595,081 | ---- | C] () -- C:\Users\Zewolfe\Desktop\RMPrepUSB_Portable_v2.1.706.zip
[2013/08/14 12:54:13 | 004,278,747 | ---- | C] () -- C:\Users\Zewolfe\Desktop\usb110511.zip
[2013/08/12 21:36:59 | 000,000,114 | RH-- | C] () -- C:\Users\Zewolfe\Desktop\Stinger.opt
[2013/08/09 18:12:11 | 000,003,566 | ---- | C] () -- C:\Users\Zewolfe\Documents\serge-logins.kdbx
[2013/08/09 17:46:53 | 000,000,187 | ---- | C] () -- C:\Users\Zewolfe\Documents\serge-logins.key
[2013/08/09 12:25:24 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2013/08/09 12:25:24 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2013/08/08 14:01:05 | 000,001,040 | ---- | C] () -- C:\Users\Zewolfe\Desktop\_SecTools.lnk
[2013/08/08 08:39:19 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2013/08/08 05:53:38 | 000,001,206 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/08 05:53:38 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/08/07 09:45:20 | 000,001,165 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/06 20:07:00 | 000,001,563 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Vbx.lnk
[2013/08/04 20:41:26 | 000,001,073 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Program.lnk
[2013/08/03 11:27:41 | 000,012,292 | -H-- | C] () -- C:\Users\Zewolfe\.DS_Store
[2013/08/03 09:21:09 | 000,000,016 | ---- | C] () -- C:\Users\Zewolfe\photorec.sig
[2013/08/01 19:04:48 | 003,660,188 | ---- | C] () -- C:\Users\Zewolfe\Documents\_JVC Camcorder Manual_.PDF
[2013/07/09 12:51:56 | 000,000,266 | ---- | C] () -- C:\Users\Zewolfe\.bash_history
[2013/07/09 12:39:24 | 000,000,062 | ---- | C] () -- C:\Users\Zewolfe\.gitconfig
[2013/06/26 17:04:18 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/02/28 19:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/10 18:49:32 | 000,000,036 | ---- | C] () -- C:\Users\Zewolfe\.gtk-bookmarks
[2013/02/01 23:44:28 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2013/02/01 23:44:28 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
[2013/02/01 16:24:24 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2013/01/03 21:52:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/01/03 21:52:28 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/12/13 17:29:22 | 000,000,467 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/10/22 13:09:54 | 000,000,180 | ---- | C] () -- C:\Windows\lightworks.ini
[2012/09/12 20:35:04 | 000,975,872 | ---- | C] () -- C:\Windows\SysWow64\libxml2_CW.dll
[2012/09/12 20:35:04 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2012/09/12 20:35:03 | 002,916,352 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_core_vc_CW.dll
[2012/09/12 20:35:03 | 001,236,992 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_vc_CW.dll
[2012/09/12 20:35:03 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxcurl_CW.dll
[2012/09/12 20:35:03 | 000,716,800 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_adv_vc_CW.dll
[2012/09/12 20:35:03 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_xrc_vc_CW.dll
[2012/09/12 20:35:03 | 000,499,712 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_html_vc_CW.dll
[2012/09/12 20:35:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_xml_vc_CW.dll
[2012/09/12 20:35:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_net_vc_CW.dll
[2012/09/12 20:35:03 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_media_vc_CW.dll
[2012/09/12 20:35:03 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxjson_CW.dll
[2012/06/25 10:33:36 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/06/25 10:33:35 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/01/10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 21:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]
[2013/08/18 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\.phlipple
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Arnaud_Dovi
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Audacity
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\avidemux
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\BitComet
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Canon
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Disruptive Innovations SARL
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Duplicati
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Emerge Desktop
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\HandBrake
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\ImgBurn
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\IrfanView
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\JAM Software
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\KompoZer
[2013/08/18 22:06:52 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\LockHunter
[2013/08/19 11:24:00 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Notepad++
[2013/08/18 22:07:00 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\PCDr
[2013/08/18 22:07:01 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\PeaZip
[2013/08/18 22:07:01 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\proDAD
[2013/08/18 22:07:01 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Rafal
[2013/08/18 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Softland
[2013/08/18 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Sony
[2013/08/18 22:07:03 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\stayfocused2
[2013/08/18 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Thunderbird
[2013/06/29 12:29:11 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\TightVNC
[2013/08/18 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Titler
[2013/08/18 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Ulead Systems
[2013/08/18 22:09:20 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\VidCoder
[2013/08/18 22:09:22 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\XnConvert
[2013/08/18 22:09:22 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\xVideoServiceThief

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 60 bytes -> C:\Users\Zewolfe\.DS_Store:AFP_AfpInfo

< End of report >