Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
More Win 7 Defender Infection
Message
<blockquote data-quote="ArizEagle" data-source="post: 93803" data-attributes="member: 4153"><p>It said to complete I had to restart... I did not realizing the logs would be deleted. I restarted and scanned. Here's the OTL Txt File: </p><p>Did I goof up again? I hope not...</p><p></p><p>OTL logfile created on: 1/4/2013 10:08:48 AM - Run 2</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eagle AMDG\Downloads</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>5.88 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 65.54% Memory free</p><p>11.76 Gb Paging File | 9.60 Gb Available in Paging File | 81.59% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 911.66 Gb Total Space | 860.14 Gb Free Space | 94.35% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: EAGLEAMDG-PC | User Name: Eagle AMDG | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - File not found</p><p>PRC - C:\Users\Eagle AMDG\Downloads\OTL (1).exe (OldTimer Tools)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)</p><p>PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)</p><p>PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)</p><p>PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()</p><p>PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()</p><p>PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()</p><p>PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)</p><p>PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\0cb48ee4524d818a38028e44d6ba2968\System.WorkflowServices.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\30f9318fcf980a0ac504421c663d24e5\System.ServiceModel.Web.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\526e535175775d4c3880f59d6a1463b7\System.Xml.Linq.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\40267c1bec60c4b94be794a65a4a8a49\System.IdentityModel.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\3d3f043f645c0afeee0f7ed04c5e26e7\SMDiagnostics.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8cdf7f9bde2b780692428f439f0f5a08\System.ServiceModel.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()</p><p>MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()</p><p>MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()</p><p>MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()</p><p>SRV:<strong>64bit:</strong> - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()</p><p>SRV:<strong>64bit:</strong> - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)</p><p>SRV:<strong>64bit:</strong> - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)</p><p>SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)</p><p>SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)</p><p>SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)</p><p>SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)</p><p>SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)</p><p>SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)</p><p>SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)</p><p>SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</p><p>SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)</p><p>SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)</p><p>SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)</p><p>SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)</p><p>DRV:<strong>64bit:</strong> - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)</p><p>DRV:<strong>64bit:</strong> - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)</p><p>DRV:<strong>64bit:</strong> - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)</p><p>DRV:<strong>64bit:</strong> - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)</p><p>DRV:<strong>64bit:</strong> - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:<strong>64bit:</strong> - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = {5989B38D-2131-4DB9-AA04-3ED82D99B3A3}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{5989B38D-2131-4DB9-AA04-3ED82D99B3A3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {5989B38D-2131-4DB9-AA04-3ED82D99B3A3}</p><p>IE - HKLM\..\SearchScopes\{5989B38D-2131-4DB9-AA04-3ED82D99B3A3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh10102012</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {5989B38D-2131-4DB9-AA04-3ED82D99B3A3}</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/12/14 15:17:58 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/27 10:28:42 | 000,000,000 | ---D | M]</p><p> </p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - homepage: http://www.google.com/</p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite117" alt=":eek:" title="Eek! :eek:" loading="lazy" data-shortname=":eek:" />riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</p><p>CHR - homepage: http://www.google.com/</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll</p><p>CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll</p><p>CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll</p><p>CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll</p><p>CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll</p><p>CHR - Extension: YouTube = C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\</p><p>CHR - Extension: Google Search = C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\</p><p>CHR - Extension: Gmail = C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p> </p><p>O1 HOSTS File: ([2012/12/29 11:03:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O1 - Hosts: ::1 localhost</p><p>O2:<strong>64bit:</strong> - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121011100922.dll (McAfee, Inc.)</p><p>O2:<strong>64bit:</strong> - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121011100922.dll (McAfee, Inc.)</p><p>O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()</p><p>O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()</p><p>O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)</p><p>O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)</p><p>O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)</p><p>O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)</p><p>O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)</p><p>O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()</p><p>O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O13<strong>64bit:</strong> - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O16:<strong>64bit:</strong> - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978EA2B4-9D05-40C7-B460-6E329CF28234}: DhcpNameServer = 75.75.75.75 75.75.76.76</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\cozi - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\livecall - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\ms-itss - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msnim - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\skype4com - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlmailhtml - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlpg - No CLSID value found</p><p>O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O18:<strong>64bit:</strong> - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)</p><p>O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/01/04 10:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee</p><p>[2013/01/04 10:03:52 | 000,000,000 | ---D | C] -- C:\_OTL</p><p>[2013/01/03 20:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET</p><p>[2012/12/29 13:31:56 | 000,000,000 | ---D | C] -- C:\Users\Eagle AMDG\Desktop\RK_Quarantine</p><p>[2012/12/29 11:28:58 | 000,000,000 | ---D | C] -- C:\Users\Eagle AMDG\AppData\Roaming\Malwarebytes</p><p>[2012/12/29 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2012/12/29 11:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2012/12/29 11:28:48 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2012/12/29 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>[2012/12/29 11:28:32 | 000,000,000 | ---D | C] -- C:\Users\Eagle AMDG\AppData\Local\Programs</p><p>[2012/12/22 03:01:00 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll</p><p>[2012/12/22 03:01:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll</p><p>[2012/12/22 03:01:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll</p><p>[2012/12/22 03:00:59 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll</p><p>[2012/12/12 03:00:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll</p><p>[2012/12/12 03:00:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll</p><p>[2012/12/12 03:00:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll</p><p>[2012/12/12 03:00:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl</p><p>[2012/12/12 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll</p><p>[2012/12/12 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll</p><p>[2012/12/12 03:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll</p><p>[2012/12/12 03:00:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe</p><p>[2012/12/12 03:00:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe</p><p>[2012/12/12 03:00:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll</p><p>[2012/12/12 03:00:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl</p><p>[2012/12/12 03:00:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll</p><p>[2012/12/12 03:00:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll</p><p>[2012/12/12 03:00:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll</p><p>[2012/12/12 03:00:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll</p><p>[2012/12/11 19:53:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll</p><p>[2012/12/11 19:53:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll</p><p>[2012/12/11 19:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe</p><p>[2012/12/11 19:53:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll</p><p>[2012/12/11 19:53:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll</p><p>[2012/12/11 19:53:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll</p><p>[2012/12/11 19:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe</p><p>[2012/12/11 19:53:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll</p><p>[2012/12/11 19:53:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll</p><p>[2012/12/11 19:53:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll</p><p>[2012/12/11 19:53:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe</p><p>[2012/12/11 19:53:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll</p><p>[2012/12/11 19:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>[2012/12/11 19:53:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll</p><p>[2012/12/11 19:53:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll</p><p>[2012/12/11 19:53:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll</p><p>[2012/12/11 19:53:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll</p><p>[2012/12/11 19:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll</p><p>[2012/12/11 19:53:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll</p><p>[2012/12/11 19:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>[2012/12/11 19:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll</p><p>[2012/12/11 19:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll</p><p>[2012/12/11 19:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll</p><p>[2012/12/11 19:53:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll</p><p>[2012/12/11 19:53:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>[2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll</p><p>[2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll</p><p>[2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>[2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll</p><p>[2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll</p><p>[2012/12/11 19:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>[2012/12/11 19:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>[2012/12/11 19:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>[2012/12/11 19:53:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll</p><p>[2012/12/11 19:53:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll</p><p>[2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>[2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll</p><p>[2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll</p><p>[2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll</p><p>[2012/12/11 19:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll</p><p>[2012/12/11 19:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>[2012/12/11 19:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>[2012/12/11 19:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll</p><p>[2012/12/11 19:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll</p><p>[2012/12/11 19:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll</p><p>[2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll</p><p>[2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll</p><p>[2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll</p><p>[2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll</p><p>[2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll</p><p>[2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>[2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>[2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll</p><p>[2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll</p><p>[2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll</p><p>[2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll</p><p>[2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll</p><p>[2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll</p><p>[2012/12/11 19:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll</p><p>[2012/12/11 19:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll</p><p>[2012/12/11 19:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll</p><p>[2012/12/11 19:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll</p><p>[2012/12/11 19:53:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll</p><p>[2012/12/11 19:53:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll</p><p>[2012/12/11 19:53:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll</p><p>[2012/12/11 19:53:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll</p><p>[2012/12/11 19:53:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll</p><p>[2012/12/11 19:53:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll</p><p>[2012/12/11 19:53:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe</p><p>[2012/12/11 19:52:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll</p><p>[2012/12/11 19:52:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll</p><p>[2 C:\Users\Eagle AMDG\Documents\*.tmp files -> C:\Users\Eagle AMDG\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/01/04 10:11:51 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</p><p>[2013/01/04 10:11:51 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</p><p>[2013/01/04 10:11:51 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat</p><p>[2013/01/04 10:11:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/01/04 10:07:07 | 000,000,162 | -H-- | M] () -- C:\Users\Eagle AMDG\Documents\~$ck of Cards.odt</p><p>[2013/01/04 10:05:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/01/04 10:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/01/04 10:05:04 | 441,049,087 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/01/04 09:38:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/01/02 23:31:31 | 000,121,020 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Deck of Cards.odt</p><p>[2013/01/02 01:56:07 | 000,025,381 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Sacramento 95826 - 2012.ods</p><p>[2013/01/02 01:34:37 | 000,031,174 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Carmichael - 2012.ods</p><p>[2012/12/30 22:42:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/12/30 22:42:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2012/12/30 01:22:21 | 000,000,142 | ---- | M] () -- C:\Users\Eagle AMDG\Desktop\RogueKiller Download.url</p><p>[2012/12/29 11:28:53 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/12/29 11:03:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts</p><p>[2012/12/25 00:46:46 | 000,000,000 | ---- | M] () -- C:\Users\Eagle AMDG\AppData\Roaming\SharedSettings.ccs</p><p>[2012/12/22 03:18:10 | 000,281,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT</p><p>[2012/12/19 11:38:02 | 000,026,989 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Sacramento 95827 - 2012.ods</p><p>[2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll</p><p>[2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll</p><p>[2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll</p><p>[2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll</p><p>[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2012/12/12 13:39:09 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[2012/12/12 09:11:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe</p><p>[2012/12/12 09:11:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[2012/12/11 20:05:58 | 000,041,043 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Citrus Heights 95621 - 2012.ods</p><p>[2012/12/10 16:25:06 | 000,058,804 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Rancho - 2012.ods</p><p>[2 C:\Users\Eagle AMDG\Documents\*.tmp files -> C:\Users\Eagle AMDG\Documents\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/01/04 10:07:07 | 000,000,162 | -H-- | C] () -- C:\Users\Eagle AMDG\Documents\~$ck of Cards.odt</p><p>[2012/12/30 01:22:21 | 000,000,142 | ---- | C] () -- C:\Users\Eagle AMDG\Desktop\RogueKiller Download.url</p><p>[2012/12/29 11:28:53 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2012/12/25 00:46:46 | 000,000,000 | ---- | C] () -- C:\Users\Eagle AMDG\AppData\Roaming\SharedSettings.ccs</p><p>[2012/06/01 09:54:15 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin</p><p>[2012/06/01 09:54:12 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin</p><p>[2012/06/01 09:54:07 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll</p><p>[2012/06/01 09:54:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin</p><p>[2012/06/01 09:54:02 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll</p><p>[2011/12/08 13:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll</p><p>[2011/02/10 08:10:51 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="ArizEagle, post: 93803, member: 4153"] It said to complete I had to restart... I did not realizing the logs would be deleted. I restarted and scanned. Here's the OTL Txt File: Did I goof up again? I hope not... OTL logfile created on: 1/4/2013 10:08:48 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eagle AMDG\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.88 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 65.54% Memory free 11.76 Gb Paging File | 9.60 Gb Available in Paging File | 81.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 911.66 Gb Total Space | 860.14 Gb Free Space | 94.35% Space Free | Partition Type: NTFS Computer Name: EAGLEAMDG-PC | User Name: Eagle AMDG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - File not found PRC - C:\Users\Eagle AMDG\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\0cb48ee4524d818a38028e44d6ba2968\System.WorkflowServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\30f9318fcf980a0ac504421c663d24e5\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\526e535175775d4c3880f59d6a1463b7\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\40267c1bec60c4b94be794a65a4a8a49\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\3d3f043f645c0afeee0f7ed04c5e26e7\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8cdf7f9bde2b780692428f439f0f5a08\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE () [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:[b]64bit:[/b] - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:[b]64bit:[/b] - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:[b]64bit:[/b] - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.) SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:[b]64bit:[/b] - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.) DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:[b]64bit:[/b] - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:[b]64bit:[/b] - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:[b]64bit:[/b] - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{5989B38D-2131-4DB9-AA04-3ED82D99B3A3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} IE - HKLM\..\SearchScopes\{5989B38D-2131-4DB9-AA04-3ED82D99B3A3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh10102012 IE - HKCU\..\SearchScopes,DefaultScope = {5989B38D-2131-4DB9-AA04-3ED82D99B3A3} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/12/14 15:17:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/27 10:28:42 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\Eagle AMDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/12/29 11:03:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20121011100922.dll (McAfee, Inc.) O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121011100922.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978EA2B4-9D05-40C7-B460-6E329CF28234}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:[b]64bit:[/b] - Protocol\Handler\cozi - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:[b]64bit:[/b] - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/01/04 10:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/01/04 10:03:52 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/03 20:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/12/29 13:31:56 | 000,000,000 | ---D | C] -- C:\Users\Eagle AMDG\Desktop\RK_Quarantine [2012/12/29 11:28:58 | 000,000,000 | ---D | C] -- C:\Users\Eagle AMDG\AppData\Roaming\Malwarebytes [2012/12/29 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/29 11:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/29 11:28:48 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/29 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/29 11:28:32 | 000,000,000 | ---D | C] -- C:\Users\Eagle AMDG\AppData\Local\Programs [2012/12/22 03:01:00 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/22 03:01:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/22 03:01:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/22 03:00:59 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/12 03:00:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/12 03:00:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/12 03:00:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/12 03:00:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/12 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/12 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/12 03:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/12 03:00:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/12 03:00:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/12 03:00:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/12 03:00:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/12 03:00:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/12 03:00:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/12 03:00:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/12 03:00:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/11 19:53:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/11 19:53:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/11 19:53:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/11 19:53:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/11 19:53:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/11 19:53:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/11 19:53:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/11 19:53:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/11 19:53:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/11 19:53:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/11 19:53:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/11 19:53:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/11 19:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/11 19:53:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/11 19:53:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/11 19:53:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/11 19:53:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/11 19:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/11 19:53:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/11 19:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/11 19:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/11 19:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/11 19:53:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/11 19:53:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/11 19:53:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/11 19:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/11 19:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/11 19:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/11 19:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/11 19:53:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/11 19:53:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/11 19:53:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/11 19:53:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/11 19:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/11 19:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/11 19:53:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/11 19:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/11 19:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/11 19:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/11 19:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/11 19:53:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/11 19:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/11 19:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/11 19:53:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/11 19:53:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/11 19:53:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/11 19:53:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/11 19:53:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/11 19:53:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/11 19:53:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/11 19:53:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/11 19:52:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/11 19:52:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2 C:\Users\Eagle AMDG\Documents\*.tmp files -> C:\Users\Eagle AMDG\Documents\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/01/04 10:11:51 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/04 10:11:51 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/04 10:11:51 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/04 10:11:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/04 10:07:07 | 000,000,162 | -H-- | M] () -- C:\Users\Eagle AMDG\Documents\~$ck of Cards.odt [2013/01/04 10:05:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/04 10:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/04 10:05:04 | 441,049,087 | -HS- | M] () -- C:\hiberfil.sys [2013/01/04 09:38:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/02 23:31:31 | 000,121,020 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Deck of Cards.odt [2013/01/02 01:56:07 | 000,025,381 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Sacramento 95826 - 2012.ods [2013/01/02 01:34:37 | 000,031,174 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Carmichael - 2012.ods [2012/12/30 22:42:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/30 22:42:59 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/30 01:22:21 | 000,000,142 | ---- | M] () -- C:\Users\Eagle AMDG\Desktop\RogueKiller Download.url [2012/12/29 11:28:53 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/29 11:03:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/12/25 00:46:46 | 000,000,000 | ---- | M] () -- C:\Users\Eagle AMDG\AppData\Roaming\SharedSettings.ccs [2012/12/22 03:18:10 | 000,281,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/19 11:38:02 | 000,026,989 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Sacramento 95827 - 2012.ods [2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/12 13:39:09 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/12/12 09:11:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/12 09:11:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/11 20:05:58 | 000,041,043 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Citrus Heights 95621 - 2012.ods [2012/12/10 16:25:06 | 000,058,804 | ---- | M] () -- C:\Users\Eagle AMDG\Documents\Homes - Rancho - 2012.ods [2 C:\Users\Eagle AMDG\Documents\*.tmp files -> C:\Users\Eagle AMDG\Documents\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/04 10:07:07 | 000,000,162 | -H-- | C] () -- C:\Users\Eagle AMDG\Documents\~$ck of Cards.odt [2012/12/30 01:22:21 | 000,000,142 | ---- | C] () -- C:\Users\Eagle AMDG\Desktop\RogueKiller Download.url [2012/12/29 11:28:53 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/25 00:46:46 | 000,000,000 | ---- | C] () -- C:\Users\Eagle AMDG\AppData\Roaming\SharedSettings.ccs [2012/06/01 09:54:15 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/06/01 09:54:12 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/06/01 09:54:07 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/06/01 09:54:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012/06/01 09:54:02 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/12/08 13:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011/02/10 08:10:51 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/QUOTE]
Insert quotes…
Verification
Post reply
Top
