Malware is altering my network settings



#1
zewolfe

Hi!
I appreciate any help in advance...
Anyway, I downloaded and ran an unofficial build of mIRC that had a backdoor. Now, when I do a netsh interface dump, I get strange entries in my network configuration. It was before as it added an Ethernet 21 connection before on IPv4. I have since disabled IPv6 for now.
I ran RogueKiller, which originally found a proxy that I deleted, TDSSKiller, McAfee Stinger [which did not find anything], Malwarebytes, I cleaned my temp files, I did an in-place repair/upgrade of Windows...same problem. HELP!
Attached file: OTL.Txt
# ----------------------------------
# IPv6 Configuration
# ----------------------------------
pushd interface ipv6

reset
set interface interface="Local Area Connection* 15" forwarding=disabled advertise=disabled mtu=1280 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv6 configuration



# ----------------------------------

OTL logfile created on: 8/19/2013 11:35:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zewolfe\Desktop\_SPECIAL_PROJECTS_\Security Tools\_Malware tools and reports\Malware progs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 34.08% Memory free
15.72 Gb Paging File | 10.41 Gb Available in Paging File | 66.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.47 Gb Total Space | 454.31 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive H: | 7.28 Gb Total Space | 0.01 Gb Free Space | 0.08% Space Free | Partition Type: NTFS

Computer Name: BANDERET2 | User Name: Zewolfe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/19 11:24:01 | 001,564,672 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2013/08/17 08:44:26 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/07 08:30:50 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/08/04 14:45:34 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot\SDFSSvc.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/01/03 21:38:00 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/10/05 14:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zewolfe\Desktop\_SPECIAL_PROJECTS_\Security Tools\_Malware tools and reports\Malware progs\OTL.exe
PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/03/28 06:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/02/09 09:24:58 | 003,074,624 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
PRC - [2012/02/09 09:24:58 | 000,676,416 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
PRC - [2012/01/27 15:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 20:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 05:36:57 | 001,075,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\852636470bd3fbaba6cff6230e90eaaa\System.ServiceModel.Web.ni.dll
MOD - [2013/08/19 05:35:39 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\42906f66c63887b2f1b140eb1ea73919\System.IdentityModel.ni.dll
MOD - [2013/08/19 05:35:36 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\44695c46bbf1cef284a210664a03043e\System.ServiceModel.ni.dll
MOD - [2013/08/19 05:35:23 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\0d908b16e41ff0cbd3ddd6f6facd7817\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/08/19 05:35:21 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2f2b1bc379cd38841f05399944927d8f\IAStorCommon.ni.dll
MOD - [2013/08/19 05:34:57 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a3b23c37c111913b6fb7f9ca7b0195d9\IAStorUtil.ni.dll
MOD - [2013/08/19 05:34:54 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\72227d58a04b80252053352dead3b9a3\System.ServiceModel.Internals.ni.dll
MOD - [2013/08/19 05:34:54 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\176ea254700896ee68956986b947ea9b\SMDiagnostics.ni.dll
MOD - [2013/08/19 05:34:53 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a46953d62d9923cfd393cb102df2e6ad\System.Runtime.Serialization.ni.dll
MOD - [2013/08/19 04:59:37 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5f27b142c87d877c73ac245ab951a773\System.Windows.Forms.ni.dll
MOD - [2013/08/19 04:59:37 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013/08/19 04:59:34 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a35e871c52b7a7aee64c969c02acfaa0\System.Core.ni.dll
MOD - [2013/08/19 04:59:32 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2fd755147672c80dd4b13978933f8a3d\System.Configuration.ni.dll
MOD - [2013/08/19 04:59:30 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll
MOD - [2013/08/19 04:59:28 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013/08/19 04:59:23 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/08/17 08:44:26 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/08/07 08:30:51 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013/08/07 08:30:51 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/08/07 08:30:51 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/08/04 14:45:33 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/27 02:21:46 | 001,589,248 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\DSpellCheck.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot\DEC150.bpl
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/02/06 09:56:17 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
MOD - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/11/22 11:16:48 | 000,081,920 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxjson_CW.dll
MOD - [2011/11/22 11:16:38 | 001,216,512 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxcurl_CW.dll
MOD - [2011/11/22 11:14:20 | 000,975,872 | ---- | M] () -- C:\Windows\SysWOW64\libxml2_CW.dll
MOD - [2011/11/22 11:09:30 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\libexpat.dll
MOD - [2011/11/22 10:51:56 | 002,916,352 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_core_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 001,236,992 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 000,716,800 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_adv_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 000,499,712 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_html_vc_CW.dll
MOD - [2011/11/22 10:51:56 | 000,135,168 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_xml_vc_CW.dll
MOD - [2011/09/21 14:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011/07/18 15:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2010/11/20 21:52:47 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll
MOD - [2010/11/20 21:52:31 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll
MOD - [2010/11/20 21:51:14 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\System.IdentityModel.ni.dll
MOD - [2010/11/20 21:51:12 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e2642bff810609f64343e53dddb6b59c\System.ServiceModel.ni.dll
MOD - [2010/11/20 21:49:37 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll
MOD - [2010/11/20 21:49:37 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8218dc4808b77f3585fb048c61597af1\SMDiagnostics.ni.dll
MOD - [2010/11/20 21:49:35 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\70aac9dff3bdde548962557151c1ff49\System.Xml.Linq.ni.dll
MOD - [2010/11/20 21:49:32 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
MOD - [2010/11/20 21:49:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll
MOD - [2010/11/20 21:49:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2010/11/20 21:49:02 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
MOD - [2010/11/20 21:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/20 21:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/20 21:48:40 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
MOD - [2010/11/20 21:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/20 21:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/20 21:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/20 21:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 21:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/08 16:49:16 | 000,174,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/05/06 08:45:48 | 000,018,152 | ---- | M] (Tenable Network Security, Inc) [Disabled | Stopped] -- C:\Program Files\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV:64bit: - [2013/04/11 10:30:50 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/01/22 17:51:56 | 000,325,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2012/09/05 13:40:42 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/08/23 16:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/08/23 16:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/08/23 16:04:00 | 000,629,040 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/08/23 16:03:14 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/08/23 13:39:38 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/07/18 00:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/05/30 13:11:34 | 000,149,544 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 19:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 19:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/08/17 08:44:26 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot\SDFSSvc.exe -- (SDScannerService)
SRV - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot\SDWSCSvc.exe -- (SDWSCService)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 19:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/13 03:02:15 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/03/28 06:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2012/02/09 09:24:58 | 003,074,624 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2011/12/21 19:33:40 | 001,104,208 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/12/21 19:33:38 | 001,304,912 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/12/21 19:33:34 | 001,014,096 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/20 21:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/13 19:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/26 13:42:00 | 000,046,816 | ---- | M] (Tenable Network Security, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NessusMp60.sys -- (NessusMp60)
DRV:64bit: - [2013/07/04 15:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/04/10 14:19:19 | 000,251,128 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pfmfs_853.sys -- (pfmfs_853)
DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/28 19:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/01/03 21:38:01 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/01/03 21:38:01 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/01/03 21:38:01 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/10/24 14:50:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/09/18 23:46:20 | 000,447,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2012/09/05 13:40:42 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 07:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/14 23:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/30 13:10:50 | 000,016,168 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/02/01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/14 13:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/12/13 10:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 03:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6F6B90A9-2C85-4A0F-81CA-7D9C0E4BB00F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6F6B90A9-2C85-4A0F-81CA-7D9C0E4BB00F}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {877A4BFA-5235-4B0C-8D30-F1345A2FB43D}
IE - HKCU\..\SearchScopes\{877A4BFA-5235-4B0C-8D30-F1345A2FB43D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{CAC447BD-6F74-41CA-AAD5-F1B7824B400C}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.4
FF - prefs.js..extensions.enabledAddons: %7B7b1bf0b6-a1b9-42b0-b75d-252036438bdc%7D:6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/08/18 21:40:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/18 21:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/18 21:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/18 21:40:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/18 21:40:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/18 21:40:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/06/18 17:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Extensions
[2013/08/18 22:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions
[2013/08/18 22:07:00 | 000,000,000 | ---D | M] (Youtube High Definition) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
[2013/08/17 08:34:25 | 000,002,109 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\[email protected]
[2013/08/17 08:32:48 | 000,169,523 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\[email protected]
[2013/08/17 08:38:51 | 000,004,525 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\[email protected]
[2013/08/17 08:58:04 | 000,017,472 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/08/06 10:52:02 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Zewolfe\AppData\Roaming\Mozilla\Firefox\Profiles\eia19x6f.default-1375556196811\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/08/18 21:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/18 21:40:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/02/08 16:46:38 | 000,000,901 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Public\Portable\BitComet_1.36\tools\bitcometbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Keyboard Suite Daemon] C:\Windows\SysNative\xManager\PELKBD.EXE (PRIMAX)
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\SysNative\ico.exe (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [stayfocused2] C:\Program Files (x86)\Stayfocused\stayfocused.exe (Bytesignals)
O4 - Startup: C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddLink.htm File not found
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddAllLink.htm File not found
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddLink.htm File not found
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Users\Public\Portable\BitComet_1.36\BitComet_x64.exe/AddAllLink.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Users\Public\Portable\BitComet_1.36\tools\bitcometbho.dll/206 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000024 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000025 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7972F88-35B7-4D16-B97D-75753058823A}: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F53F2CB8-A6E6-46E8-B13C-28A1C0F3459C}: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F53F2CB8-A6E6-46E8-B13C-28A1C0F3459C}: NameServer = 4.2.2.1,4.2.2.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/10 06:57:07 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/19 11:24:01 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/08/19 10:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/08/19 04:50:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/08/18 23:23:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/08/18 23:18:49 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/08/18 23:10:04 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2013/08/18 22:48:01 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2013/08/18 21:28:55 | 000,000,000 | --SD | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Videos
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Saved Games
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Pictures
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Music
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Links
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Favorites
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Downloads
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Documents
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\Desktop
[2013/08/18 21:28:55 | 000,000,000 | R--D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\AppData\Local\Temporary Internet Files
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Templates
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Start Menu
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\SendTo
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Recent
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\PrintHood
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\NetHood
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Documents\My Videos
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Documents\My Pictures
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Documents\My Music
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\My Documents
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Local Settings
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\AppData\Local\History
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Cookies
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\Application Data
[2013/08/18 21:28:55 | 000,000,000 | -HSD | C] -- C:\Users\Zewolfe\AppData\Local\Application Data
[2013/08/18 21:28:55 | 000,000,000 | -H-D | C] -- C:\Users\Zewolfe\AppData
[2013/08/18 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\Temp
[2013/08/18 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\Microsoft
[2013/08/18 21:28:55 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Media Center Programs
[2013/08/18 21:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2013/08/18 21:26:41 | 006,100,480 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2013/08/18 21:26:41 | 001,821,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2013/08/18 21:26:41 | 001,008,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/08/18 21:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013/08/18 21:26:32 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2013/08/18 21:26:32 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2013/08/18 21:25:10 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/08/18 19:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magical Jelly Bean
[2013/08/18 19:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2013/08/18 06:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UEFI Winflash
[2013/08/18 06:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UEFI Winflash
[2013/08/17 08:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/17 08:10:12 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Phoenix BIOS
[2013/08/17 07:45:46 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\PCDr
[2013/08/15 15:56:55 | 000,000,000 | ---D | C] -- C:\Windows\Favorites
[2013/08/15 15:56:53 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2013/08/15 09:03:32 | 000,713,248 | ---- | C] (PortableApps.com) -- C:\Users\Zewolfe\Desktop\SMPlayer_Portable_MPlayer_Codec_Addon_1.1_online.paf.exe
[2013/08/14 17:38:09 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Zewolfe\Desktop\dds.com
[2013/08/14 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\RMPrepUSB_Portable
[2013/08/14 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\usb110511
[2013/08/12 19:13:04 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Audacity
[2013/08/12 12:19:27 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\Win7-Setup
[2013/08/12 12:11:50 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\Win7
[2013/08/11 07:21:16 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Desktop\WinRepair
[2013/08/10 19:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/08/10 07:58:41 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/10 07:23:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/10 06:55:49 | 000,000,000 | ---D | C] -- C:\Autoruns
[2013/08/09 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\SecurityScans
[2013/08/09 12:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2013/08/09 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013/08/09 10:06:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/09 08:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/08 13:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/08/08 13:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/08/08 13:02:39 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\ProcAlyzer Dumps
[2013/08/08 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Malwarebytes
[2013/08/08 07:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013/08/08 05:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/08/08 05:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot
[2013/08/08 05:53:30 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/08/08 05:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot
[2013/08/07 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Dell
[2013/08/07 08:56:24 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Xirrus sidebar
[2013/08/07 08:54:32 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\games
[2013/08/07 08:44:32 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Thunderbird Email
[2013/08/07 08:35:14 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Backup of David's Computers
[2013/08/07 08:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/06 11:28:27 | 000,105,064 | ---- | C] (Algin Technology LLC) -- C:\Windows\SysWow64\ls.exe
[2013/08/06 11:28:27 | 000,090,624 | ---- | C] (GNU) -- C:\Windows\SysWow64\grep.exe
[2013/08/05 19:40:35 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\Programs
[2013/08/05 18:31:01 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\avidemux
[2013/08/05 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\VidCoder
[2013/08/04 21:37:45 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Emerge Desktop
[2013/08/04 20:41:30 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\stayfocused2
[2013/08/04 20:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stayfocused
[2013/08/04 20:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stayfocused
[2013/08/04 14:51:19 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/08/03 12:56:44 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Old Firefox Data
[2013/07/27 17:10:58 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\Microsoft_Corporation
[2013/07/26 13:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenable Network Security
[2013/07/26 13:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tenable
[2013/07/26 13:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Nessus
[2013/07/26 13:42:00 | 000,046,816 | ---- | C] (Tenable Network Security, Inc.) -- C:\Windows\SysNative\drivers\NessusMp60.sys
[2013/07/26 10:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013/07/26 10:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013/07/25 10:10:23 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\.MakeMKV
[2013/07/24 13:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cwRsync
[2013/07/24 09:23:59 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Local\uGet
[2013/07/22 20:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Softland
[2013/07/22 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Softland
[2013/07/22 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup
[2013/07/22 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\.areca
[2013/07/22 18:14:14 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\.ipython
[2013/07/22 16:17:54 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Rafal
[2013/07/22 12:44:32 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\xVideoServiceThief
[2013/07/21 22:07:40 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\Documents\Themes
[2013/07/21 21:11:08 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Arnaud_Dovi
[2013/07/21 21:09:46 | 000,000,000 | ---D | C] -- C:\Users\Zewolfe\AppData\Roaming\Duplicati

========== Files - Modified Within 30 Days ==========

[2013/08/19 10:14:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:14:08 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 10:07:42 | 000,831,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/19 10:07:42 | 000,695,878 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/19 10:07:42 | 000,136,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/19 09:59:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/19 09:59:07 | 2034,970,623 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/19 04:57:52 | 000,824,328 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/19 04:54:15 | 000,001,443 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/19 04:51:28 | 000,001,236 | RHS- | M] () -- C:\Users\Zewolfe\ntuser.pol
[2013/08/19 01:38:26 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/08/19 01:38:26 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/08/19 01:11:13 | 000,022,840 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2013/08/19 01:03:12 | 000,434,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/18 21:27:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/08/18 21:27:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013/08/18 21:26:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/08/18 21:26:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/08/18 19:52:27 | 000,003,322 | ---- | M] () -- C:\Users\Zewolfe\Desktop\Windows Compatibility Report.htm
[2013/08/18 19:47:42 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/08/18 19:47:42 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/08/18 19:00:36 | 000,001,112 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2013/08/17 09:16:36 | 000,001,699 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\7zip.lnk
[2013/08/17 08:52:37 | 000,001,165 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/17 08:36:08 | 000,758,480 | ---- | M] () -- C:\Users\Zewolfe\Desktop\freecorder8-setup.exe
[2013/08/16 21:55:45 | 171,796,163 | ---- | M] () -- C:\Users\Zewolfe\Desktop\David_interview_at_JS.webm
[2013/08/14 20:26:26 | 000,016,252 | ---- | M] () -- C:\Users\Zewolfe\Desktop\Eddy Barillas.html
[2013/08/12 21:36:59 | 000,000,114 | RH-- | M] () -- C:\Users\Zewolfe\Desktop\Stinger.opt
[2013/08/09 18:16:55 | 000,003,566 | ---- | M] () -- C:\Users\Zewolfe\Documents\serge-logins.kdbx
[2013/08/09 17:46:53 | 000,000,187 | ---- | M] () -- C:\Users\Zewolfe\Documents\serge-logins.key
[2013/08/09 12:27:35 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2013/08/09 12:25:24 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2013/08/08 14:01:05 | 000,001,040 | ---- | M] () -- C:\Users\Zewolfe\Desktop\_SecTools.lnk
[2013/08/08 09:08:48 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/08/08 05:53:38 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/08/07 09:35:42 | 000,002,116 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/04 20:41:26 | 000,001,073 | ---- | M] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Program.lnk
[2013/08/03 12:27:47 | 000,012,292 | -H-- | M] () -- C:\Users\Zewolfe\.DS_Store
[2013/08/03 09:25:27 | 000,000,016 | ---- | M] () -- C:\Users\Zewolfe\photorec.sig
[2013/07/26 13:42:00 | 000,046,816 | ---- | M] (Tenable Network Security, Inc.) -- C:\Windows\SysNative\drivers\NessusMp60.sys

========== Files Created - No Company Name ==========

[2013/08/19 04:54:15 | 000,001,415 | ---- | C] () -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/08/19 04:53:58 | 000,001,449 | ---- | C] () -- C:\Users\Zewolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/19 04:51:28 | 000,001,236 | RHS- | C] () -- C:\Users\Zewolfe\ntuser.pol
[2013/08/19 04:47:16 | 2034,970,623 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/18 21:28:55 | 000,000,290 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/18 21:28:55 | 000,000,272 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/18 21:28:30 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/08/18 21:28:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/08/18 21:28:17 | 000,824,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/18 21:27:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2013/08/18 21:27:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013/08/18 21:26:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/08/18 21:26:41 | 000,340,476 | ---- | C] () -- C:\Windows\SysNative\W92HDM6ASKULL.mps
[2013/08/18 21:26:41 | 000,077,704 | ---- | C] () -- C:\Windows\SysNative\W92HDM6A.mps
[2013/08/18 21:26:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/08/18 19:52:27 | 000,003,322 | ---- | C] () -- C:\Users\Zewolfe\Desktop\Windows Compatibility Report.htm
[2013/08/18 19:00:36 | 000,001,112 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2013/08/18 08:20:07 | 000,157,601 | ---- | C] () -- C:\Users\Zewolfe\Desktop\Ley del Instituto Hondureño de la Niñez y la Familia IHNFA (actualizada-07).pdf
[2013/08/18 08:13:00 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/08/18 08:13:00 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/08/17 09:16:36 | 000,001,699 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\7zip.lnk
[2013/08/17 08:36:25 | 000,758,480 | ---- | C] () -- C:\Users\Zewolfe\Desktop\freecorder8-setup.exe
[2013/08/16 12:24:18 | 171,796,163 | ---- | C] () -- C:\Users\Zewolfe\Desktop\David_interview_at_JS.webm
[2013/08/14 20:26:26 | 000,016,252 | ---- | C] () -- C:\Users\Zewolfe\Desktop\Eddy Barillas.html
[2013/08/14 13:05:46 | 006,595,081 | ---- | C] () -- C:\Users\Zewolfe\Desktop\RMPrepUSB_Portable_v2.1.706.zip
[2013/08/14 12:54:13 | 004,278,747 | ---- | C] () -- C:\Users\Zewolfe\Desktop\usb110511.zip
[2013/08/12 21:36:59 | 000,000,114 | RH-- | C] () -- C:\Users\Zewolfe\Desktop\Stinger.opt
[2013/08/09 18:12:11 | 000,003,566 | ---- | C] () -- C:\Users\Zewolfe\Documents\serge-logins.kdbx
[2013/08/09 17:46:53 | 000,000,187 | ---- | C] () -- C:\Users\Zewolfe\Documents\serge-logins.key
[2013/08/09 12:25:24 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2013/08/09 12:25:24 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2013/08/08 14:01:05 | 000,001,040 | ---- | C] () -- C:\Users\Zewolfe\Desktop\_SecTools.lnk
[2013/08/08 08:39:19 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2013/08/08 05:53:38 | 000,001,206 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/08 05:53:38 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/08/07 09:45:20 | 000,001,165 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/06 20:07:00 | 000,001,563 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\Vbx.lnk
[2013/08/04 20:41:26 | 000,001,073 | ---- | C] () -- C:\Users\Zewolfe\Application Data\Microsoft\Internet Explorer\Quick Launch\My Program.lnk
[2013/08/03 11:27:41 | 000,012,292 | -H-- | C] () -- C:\Users\Zewolfe\.DS_Store
[2013/08/03 09:21:09 | 000,000,016 | ---- | C] () -- C:\Users\Zewolfe\photorec.sig
[2013/08/01 19:04:48 | 003,660,188 | ---- | C] () -- C:\Users\Zewolfe\Documents\_JVC Camcorder Manual_.PDF
[2013/07/09 12:51:56 | 000,000,266 | ---- | C] () -- C:\Users\Zewolfe\.bash_history
[2013/07/09 12:39:24 | 000,000,062 | ---- | C] () -- C:\Users\Zewolfe\.gitconfig
[2013/06/26 17:04:18 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/02/28 19:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/10 18:49:32 | 000,000,036 | ---- | C] () -- C:\Users\Zewolfe\.gtk-bookmarks
[2013/02/01 23:44:28 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2013/02/01 23:44:28 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
[2013/02/01 16:24:24 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2013/01/03 21:52:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/01/03 21:52:28 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/12/13 17:29:22 | 000,000,467 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/10/22 13:09:54 | 000,000,180 | ---- | C] () -- C:\Windows\lightworks.ini
[2012/09/12 20:35:04 | 000,975,872 | ---- | C] () -- C:\Windows\SysWow64\libxml2_CW.dll
[2012/09/12 20:35:04 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2012/09/12 20:35:03 | 002,916,352 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_core_vc_CW.dll
[2012/09/12 20:35:03 | 001,236,992 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_vc_CW.dll
[2012/09/12 20:35:03 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxcurl_CW.dll
[2012/09/12 20:35:03 | 000,716,800 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_adv_vc_CW.dll
[2012/09/12 20:35:03 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_xrc_vc_CW.dll
[2012/09/12 20:35:03 | 000,499,712 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_html_vc_CW.dll
[2012/09/12 20:35:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_xml_vc_CW.dll
[2012/09/12 20:35:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_net_vc_CW.dll
[2012/09/12 20:35:03 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_media_vc_CW.dll
[2012/09/12 20:35:03 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxjson_CW.dll
[2012/06/25 10:33:36 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/06/25 10:33:35 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/01/10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 21:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/18 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\.phlipple
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Arnaud_Dovi
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Audacity
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\avidemux
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\BitComet
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Canon
[2013/08/18 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Disruptive Innovations SARL
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Duplicati
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Emerge Desktop
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\HandBrake
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\ImgBurn
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\IrfanView
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\JAM Software
[2013/08/18 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\KompoZer
[2013/08/18 22:06:52 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\LockHunter
[2013/08/19 11:24:00 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Notepad++
[2013/08/18 22:07:00 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\PCDr
[2013/08/18 22:07:01 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\PeaZip
[2013/08/18 22:07:01 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\proDAD
[2013/08/18 22:07:01 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Rafal
[2013/08/18 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Softland
[2013/08/18 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Sony
[2013/08/18 22:07:03 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\stayfocused2
[2013/08/18 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Thunderbird
[2013/06/29 12:29:11 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\TightVNC
[2013/08/18 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Titler
[2013/08/18 22:09:15 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\Ulead Systems
[2013/08/18 22:09:20 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\VidCoder
[2013/08/18 22:09:22 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\XnConvert
[2013/08/18 22:09:22 | 000,000,000 | ---D | M] -- C:\Users\Zewolfe\AppData\Roaming\xVideoServiceThief

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\Zewolfe\.DS_Store:AFP_AfpInfo

< End of report >