ccfc1987
Had to run in Safe Mode again. After running, the problem is still the same; it ran the disk check again upon startup as well, which is rather annoying :/ Log is below:
Hey Gringo, thank you for the reply! As a heads up I have had no choice bu to download and run the programs in Safe Mode with Netowrking. Below are the two logs you require: FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02 Ran by Conor (administrator) on Conor-PC on 27-02-2014 16:04:19 Running from C:\Users\Conor\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Safe Mode (with Networking) The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Quest Software) C:\windows\SysWOW64\pnssosvr.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.) HKLM\...\Run: [stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] () HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-30] (AVAST Software) HKLM-x32\...\Run: [pnusbclitray] - pnusbclitray.exe HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company) HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6A93B21087ECD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 10.192.192.1
Tcpip\..\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: [NameServer]208.67.222.123,208.67.220.123,10.192.192.1
Tcpip\..\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: [NameServer]208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{BA778979-A30E-4822-B18E-7E8FE2E428FD}: [NameServer]198.153.192.60,198.153.194.60

FireFox:
========
FF ProfilePath: C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\ue1pm6q0.default-1392630538753
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.1.5.3 - C:\Users\Conor\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Conor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-03]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-24]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-24]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-06] (Advanced Micro Devices, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-30] (AVAST Software)
S2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1814352 2011-08-30] (Flexera Software, Inc.)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-01-20] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2012-11-22] ()
S2 pnusbvirtualhubwssrv; C:\windows\system32\pnusbvirtualhubwssrv.exe [473600 2013-10-29] (Quest Software)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-01-22] (Trusteer Ltd.)
S2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]
S2 lmgrd; "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe" [X]

==================== Drivers (Whitelisted) ====================

R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-22] ()
S1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-01-30] (AVAST Software)
S1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-01-30] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-01-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-30] ()
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)
S2 pnpnptool; C:\windows\system32\Drivers\pnpnptool.sys [51736 2013-10-29] (Quest Software)
S3 pnusbd; C:\windows\system32\Drivers\pnusbd.sys [37272 2013-10-29] (Quest Software)
S1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-25] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-01-22] (Trusteer Ltd.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [233336 2014-01-31] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-01-22] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-01-22] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 KUSBusByTCPMasterBus; System32\Drivers\KUSBusByTCPMasterBus.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-27 15:51 - 2014-02-27 15:51 - 00000000 __SHD () C:\found.005
2014-02-27 15:34 - 2014-02-27 16:04 - 00015903 _____ () C:\Users\Conor\Desktop\FRST.txt
2014-02-27 15:34 - 2014-02-27 15:34 - 00000000 ____D () C:\FRST
2014-02-27 15:24 - 2014-02-27 15:24 - 02155520 _____ (Farbar) C:\Users\Conor\Desktop\FRST64.exe
2014-02-27 14:08 - 2014-02-27 14:08 - 00014414 _____ () C:\Users\Conor\Desktop\hijackthis.log
2014-02-27 14:07 - 2014-02-27 14:08 - 00000000 ____D () C:\Users\Conor\Desktop\Computer Repair
2014-02-27 13:53 - 2014-02-27 13:53 - 00028833 _____ () C:\ComboFix.txt
2014-02-27 13:22 - 2014-02-27 13:22 - 00000000 ____D () C:\found.004
2014-02-27 08:30 - 2014-02-27 15:31 - 00000840 _____ () C:\windows\setupact.log
2014-02-27 08:30 - 2014-02-27 08:30 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 08:29 - 2014-02-27 13:54 - 00005352 _____ () C:\windows\PFRO.log
2014-02-26 13:07 - 2014-02-26 13:07 - 00013344 ____N () C:\bootsqm.dat
2014-02-26 13:00 - 2014-02-26 13:00 -
00000000 ____D () C:\found.003 2014-02-26 08:21 - 2014-02-27 12:54 - 00000000 ____D () C:\7fcdf01e3cb87b5371c943805f224414 2014-02-25 20:02 - 2014-02-25 20:01 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-02-25 20:01 - 2014-02-25 20:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-02-25 20:01 - 2014-02-25 20:01 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-02-25 20:01 - 2014-02-25 20:01 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-25 20:01 - 2014-02-25 20:01 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-23 11:29 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Billy Elliot 2000 1080p BDRip x264 AC3-KINGDOM 2014-02-23 11:24 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Little.Fockers.DVDRip.XviD-DEFACED 2014-02-20 11:03 - 2014-02-23 11:29 - 00000000 ____D () C:\Users\Conor\Downloads\Gavin and Stacey (Complete Collection) 2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-15 12:40 - 2014-02-27 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-14 03:54 - 2014-02-14 03:54 - 00462208 _____ () C:\windows\system32\FNTCACHE.DAT 2014-02-14 03:04 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-02-14 03:04 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-02-14 03:03 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-02-14 03:03 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-02-14 03:03 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-02-14 03:03 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-02-14 03:03 - 2014-02-06 10:57 - 
00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-02-14 03:03 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-02-14 03:03 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-02-14 03:03 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-02-14 03:03 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-02-14 03:03 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-02-14 03:03 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-02-14 03:03 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-02-14 03:03 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-02-14 03:03 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-02-14 03:03 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-02-14 03:03 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-02-14 03:03 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-02-14 03:03 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-02-14 03:03 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-02-14 03:03 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-02-14 03:02 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-02-14 03:02 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-02-14 03:02 - 2014-02-06 10:48 - 00708608 _____ (Microsoft 
Corporation) C:\windows\system32\jscript9diag.dll 2014-02-14 03:02 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-02-14 03:02 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-02-14 03:02 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-02-14 03:02 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-02-14 03:02 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-02-14 03:02 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-02-14 03:02 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-02-14 03:02 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-02-14 03:02 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-02-14 03:02 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-02-14 03:02 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-02-14 03:02 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-02-14 03:02 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-02-14 03:02 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-02-14 03:02 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-02-14 03:02 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-02-13 09:41 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Love Actually (2003) 2014-02-13 09:40 - 2014-02-16 22:14 - 00000000 ____D () C:\Users\Conor\Downloads\The 
Holiday (2006) 2014-02-13 09:27 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Notting Hill (1999) 2014-02-13 09:27 - 2014-02-14 20:40 - 00000000 ____D () C:\Users\Conor\Downloads\What Women Want (2000) 2014-02-12 21:54 - 2013-12-31 23:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls 2014-02-12 21:54 - 2013-12-31 23:04 - 00420008 _____ () C:\windows\system32\locale.nls 2014-02-12 21:53 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-02-12 21:53 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-02-12 21:53 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2014-02-12 21:53 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2014-02-12 21:53 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2014-02-12 21:53 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2014-02-12 21:53 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll 2014-02-12 21:53 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll 2014-02-12 21:53 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll 2014-02-12 21:53 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll 2014-02-12 21:53 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll 2014-02-12 21:53 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe 2014-02-12 21:53 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe 2014-02-12 21:53 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe 2014-02-12 21:53 - 2013-12-04 02:16 - 00552960 
_____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe 2014-02-12 21:53 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll 2014-02-12 21:53 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll 2014-02-12 21:53 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 21:53 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll 2014-02-12 21:53 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll 2014-02-12 21:53 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe 2014-02-12 21:53 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe 2014-02-12 21:53 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 21:53 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 21:53 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll 2014-02-12 21:53 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll 2014-02-12 13:56 - 2014-02-12 13:56 - 00126520 _____ () C:\Users\Conor\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-03 16:13 - 2014-02-03 16:16 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs 2 (2013) 2014-02-02 22:44 - 2014-02-02 22:44 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs (2009) 2014-01-30 13:36 - 2014-02-27 13:31 - 00002214 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-01-30 13:36 - 2014-01-30 13:35 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2014-01-30 13:34 - 2014-01-30 13:34 - 00000873 _____ () C:\Users\Public\Desktop\VLC media player.lnk ==================== One Month Modified Files and Folders ======= 2014-02-27 16:04 - 2014-02-27 15:34 - 00015903 _____ () C:\Users\Conor\Desktop\FRST.txt 2014-02-27 16:02 - 2009-07-14 05:13 - 00786622 _____ () C:\windows\system32\PerfStringBackup.INI 2014-02-27 15:51 - 2014-02-27 15:51 - 00000000 __SHD () C:\found.005 2014-02-27 15:34 - 2014-02-27 15:34 - 00000000 ____D () C:\FRST 2014-02-27 15:34 - 2012-08-01 14:44 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-02-27 15:34 - 2011-11-27 21:23 - 01621939 _____ () C:\windows\WindowsUpdate.log 2014-02-27 15:32 - 2013-11-19 14:25 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-27 15:32 - 2013-10-16 06:59 - 00000000 ____D () C:\ProgramData\Kodak 2014-02-27 15:32 - 2011-11-27 23:18 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-02-27 15:32 - 2011-11-27 23:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-02-27 15:32 - 2011-11-27 23:07 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-02-27 15:31 - 2014-02-27 08:30 - 00000840 _____ () C:\windows\setupact.log 2014-02-27 15:31 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-02-27 15:24 - 2014-02-27 15:24 - 02155520 _____ (Farbar) C:\Users\Conor\Desktop\FRST64.exe 2014-02-27 15:14 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-27 15:14 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-27 15:12 - 2012-08-19 21:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-02-27 14:08 - 2014-02-27 14:08 
- 00014414 _____ () C:\Users\Conor\Desktop\hijackthis.log 2014-02-27 14:08 - 2014-02-27 14:07 - 00000000 ____D () C:\Users\Conor\Desktop\Computer Repair 2014-02-27 13:59 - 2013-11-19 14:25 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-27 13:54 - 2014-02-27 08:29 - 00005352 _____ () C:\windows\PFRO.log 2014-02-27 13:53 - 2014-02-27 13:53 - 00028833 _____ () C:\ComboFix.txt 2014-02-27 13:53 - 2013-06-01 10:34 - 00000000 ____D () C:\Qoobox 2014-02-27 13:48 - 2009-07-14 02:34 - 00000215 _____ () C:\windows\system.ini 2014-02-27 13:31 - 2014-01-30 13:36 - 00002214 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-02-27 13:22 - 2014-02-27 13:22 - 00000000 ____D () C:\found.004 2014-02-27 12:54 - 2014-02-26 08:21 - 00000000 ____D () C:\7fcdf01e3cb87b5371c943805f224414 2014-02-27 12:54 - 2014-02-15 12:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-27 12:54 - 2013-12-12 23:46 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-02-27 12:54 - 2013-06-01 16:15 - 00000000 ____D () C:\Program Files\My Dell 2014-02-27 12:53 - 2014-02-23 11:29 - 00000000 ____D () C:\Users\Conor\Downloads\Billy Elliot 2000 1080p BDRip x264 AC3-KINGDOM 2014-02-27 12:53 - 2014-02-23 11:24 - 00000000 ____D () C:\Users\Conor\Downloads\Little.Fockers.DVDRip.XviD-DEFACED 2014-02-27 12:53 - 2014-02-13 09:41 - 00000000 ____D () C:\Users\Conor\Downloads\Love Actually (2003) 2014-02-27 12:53 - 2014-02-13 09:27 - 00000000 ____D () C:\Users\Conor\Downloads\Notting Hill (1999) 2014-02-27 12:53 - 2014-01-15 18:07 - 00000000 ____D () C:\Users\Conor\Downloads\National Lampoons Vacation (1983) 2014-02-27 12:53 - 2014-01-04 21:16 - 00000000 ____D () C:\Users\Conor\Downloads\The Damned United 2014-02-27 12:53 - 2014-01-04 13:57 - 00000000 ____D () C:\Users\Conor\Downloads\An Idiot Abroad 2014-02-27 12:53 - 2013-11-16 13:09 - 00000000 ____D () C:\Users\Conor\Downloads\Max and Paddys' Road to Nowhere (Complete Collection) 2014-02-27 12:53 - 
2013-06-24 12:04 - 00000000 ____D () C:\Users\Conor\AppData\Roaming\BitTorrent 2014-02-27 12:53 - 2013-05-18 10:25 - 00000000 ____D () C:\Users\Conor\Desktop\Virus Scans (Run Weekly!) 2014-02-27 12:53 - 2013-05-05 08:38 - 00000000 ____D () C:\Users\Conor\AppData\Roaming\vlc 2014-02-27 12:53 - 2012-08-19 21:03 - 00000000 ____D () C:\windows\system32\Macromed 2014-02-27 12:53 - 2012-08-13 20:28 - 00000000 ____D () C:\windows\erdnt 2014-02-27 12:53 - 2012-03-11 14:20 - 00000000 ____D () C:\Users\Conor 2014-02-27 12:53 - 2011-11-27 23:13 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-02-27 12:53 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\rescache 2014-02-27 12:53 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\registration 2014-02-27 12:53 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\AppCompat 2014-02-27 08:34 - 2011-11-27 22:39 - 00000000 ____D () C:\ProgramData\Sonic 2014-02-27 08:30 - 2014-02-27 08:30 - 00000000 _____ () C:\windows\setuperr.log 2014-02-27 08:28 - 2013-08-25 10:01 - 00000000 ____D () C:\AdwCleaner 2014-02-26 13:07 - 2014-02-26 13:07 - 00013344 ____N () C:\bootsqm.dat 2014-02-26 13:00 - 2014-02-26 13:00 - 00000000 ____D () C:\found.003 2014-02-26 12:30 - 2009-07-14 05:08 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-02-26 11:29 - 2011-11-27 21:44 - 00770932 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-02-25 20:19 - 2013-10-22 12:46 - 00000000 ____D () C:\ProgramData\Oracle 2014-02-25 20:01 - 2014-02-25 20:02 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-02-25 20:01 - 2014-02-25 20:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-02-25 20:01 - 2014-02-25 20:01 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-02-25 20:01 - 2014-02-25 20:01 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-02-25 20:01 - 2014-02-25 20:01 - 00000000 ____D () C:\Program Files (x86)\Java 2014-02-23 18:23 - 2013-06-01 
17:59 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask 2014-02-23 11:29 - 2014-02-20 11:03 - 00000000 ____D () C:\Users\Conor\Downloads\Gavin and Stacey (Complete Collection) 2014-02-23 11:29 - 2014-01-09 21:31 - 00000000 ____D () C:\Users\Conor\Downloads\Cast Away (2000) 2014-02-23 11:22 - 2013-12-18 22:43 - 00000000 ____D () C:\Users\Conor\Downloads\Anchorman The Legend Of Ron Burgundy (2004) 2014-02-21 22:00 - 2012-03-22 16:50 - 00000000 ____D () C:\ProgramData\PCDr 2014-02-21 19:37 - 2012-03-11 14:25 - 00000000 ____D () C:\Users\Conor\Desktop\BEng Electronic Engineering 2014-02-21 10:23 - 2012-08-19 21:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-02-21 10:22 - 2012-08-19 21:03 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-02-21 10:22 - 2012-08-19 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-21 09:08 - 2012-08-14 18:32 - 00000000 ____D () C:\windows\Minidump 2014-02-19 17:15 - 2013-10-21 16:10 - 00000236 _____ () C:\Users\Conor\quartus2.ini 2014-02-19 16:19 - 2013-11-08 13:12 - 00036352 ___SH () C:\Users\Conor\Thumbs.db 2014-02-17 00:08 - 2013-05-03 12:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-16 23:38 - 2013-08-14 21:07 - 00000000 ____D () C:\windows\system32\MRT 2014-02-16 23:32 - 2012-08-01 22:05 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-02-16 22:14 - 2014-02-13 09:40 - 00000000 ____D () C:\Users\Conor\Downloads\The Holiday (2006) 2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-02-14 20:40 - 2014-02-13 09:27 - 00000000 ____D () C:\Users\Conor\Downloads\What Women Want (2000) 2014-02-14 03:54 - 2014-02-14 03:54 - 00462208 _____ () C:\windows\system32\FNTCACHE.DAT 2014-02-12 21:15 - 2013-09-28 10:58 - 00000000 ____D () C:\_acestream_cache_ 2014-02-12 21:15 - 2013-09-14 16:39 - 00000000 
____D () C:\Users\Conor\AppData\Roaming\.ACEStream
2014-02-12 13:56 - 2014-02-12 13:56 - 00126520 _____ () C:\Users\Conor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-07 09:54 - 2013-11-19 14:25 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-07 09:54 - 2013-11-19 14:25 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 12:16 - 2014-02-14 03:02 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-14 03:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-14 03:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-14 03:02 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-14 03:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-14 03:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 03:03 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-14 03:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-14 03:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-14 03:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-14 03:02 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-14 03:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-14 03:02 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-14 03:03 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-14 03:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-14 03:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-14 03:02 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-14 03:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-14 03:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-14 03:03 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 09:57 - 2014-02-14 03:02 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 09:52 - 2014-02-14 03:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-14 03:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-14 03:02 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-14 03:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-14 03:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-14 03:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-14 03:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 09:25 - 2014-02-14 03:02 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 09:24 - 2014-02-14 03:02 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-14 03:02 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-14 03:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-14 03:02 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-14 03:02 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-14 03:02 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-14 03:02 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-14 03:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-14 03:02 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-14 03:02 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-03 16:16 - 2014-02-03 16:13 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs 2 (2013)
2014-02-02 22:44 - 2014-02-02 22:44 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs (2009)
2014-01-30 13:35 - 2014-01-30 13:36 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-01-30 13:35 - 2013-04-20 10:23 - 00207904 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-01-30 13:35 - 2012-05-03 13:07 - 01038072 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-30 13:35 - 2012-05-03 13:07 - 00421704 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-01-30 13:35 - 2012-05-03 13:07 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-30 13:35 - 2012-05-03 13:07 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-30 13:35 - 2012-05-03 13:06 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-30 13:34 - 2014-01-30 13:34 - 00000873 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-30 13:32 - 2013-04-20 10:14 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-30 13:32 - 2012-08-09 22:20 - 00000000 ____D () C:\Program Files\CCleaner

Files to move or delete:
====================
C:\Users\Conor\aio_install.exe

Some content of TEMP:
====================
C:\Users\Conor\AppData\Local\Temp\bk2xdl0e.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-19 18:02

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Conor at 2014-02-27 16:05:53
Running from C:\Users\Conor\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Disabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Ace Stream Media 2.1.5.3 (HKCU\...\AceStream) (Version: 2.1.5.3 - Ace Stream Media)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0806.105.31 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60805.2350 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0806.105.31 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10806 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{8F56EA58-DCEE-8262-12AC-5C7ED4B3FE01}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.3 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30182 - BitTorrent Inc.)
BlackBerry Desktop Software 7.0 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.0.0.59 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.0 (x32 Version: 7.0.0.59 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{38676C9C-270F-43D1-926A-E45DE8820A6B}) (Version: 7.1.0.34 - Research In Motion Ltd)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Cadence License Manager 12.01 (HKLM-x32\...\{2A83C3BE-15D0-4AFD-8F23-FD7B6E5BBD97}) (Version: 12.01.0000 - Cadence Design Systems)
Cadence SPB/OrCAD 16.6 (HKCU\...\{4CA5F148-A11D-4D37-A2D3-CCFC671F113C}) (Version: 16.60.000 - Cadence Design Systems, Inc.)
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0806.105.31 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0806.105.31 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0806.105.31 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0806.105.31 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help English (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help French (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help German (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
ccc-utility64 (Version: 2011.0806.105.31 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Escape Whisper Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FIFA 14 Demo (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
GeekBuddy (HKLM-x32\...\{3BD70150-9D30-488F-8CA7-CE99EF8324CC}) (Version: 4.10.86 - Comodo Security Solutions Inc)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version: - )
High-Definition Video Playback (x32 Version: 11.1.11100.4.196 - Nero AG) Hidden
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.83PL0 (HKLM-x32\...\PICC 9.83) (Version: 9.83 - HI-TECH Software)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MATLAB R2011b (HKLM\...\Matlab R2011b) (Version: 7.13 - The MathWorks, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Media Player Codec Pack 4.2.9 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.9 - Media Player Codec Pack)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 10.0 - PlotSoft LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quartus II 9.1sp2 Web Edition (HKLM-x32\...\{4A8CFC2B-2E30-4D00-98A5-A9D32E747C28}) (Version: 9.1sp2 - Altera Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.46 - Trusteer) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel Protection Installer 7.1.0 (HKLM\...\{4C1A3B65-E284-4F04-822F-3774E0CEEF67}) (Version: 7.1.0 - Safenet Inc,)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Sopcast Toolbar (HKLM-x32\...\{53504356-3700-A76A-76A7-A758B70C0300}) (Version: 12.3.0.840 - APN, LLC)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TomTom HOME (HKLM-x32\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.3 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.46 - Trusteer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.0.0.0 - Azureus Software, Inc.)
vWorkspace Connector for Web Access (HKLM-x32\...\{2F592C28-8F7C-414E-A07A-74FDE6726857}) (Version: 7.6.0.845 - Quest Software)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

19-02-2014 16:37:45 ComboFix created restore point
21-02-2014 19:36:55 Windows Update
25-02-2014 19:59:59 Installed Java 7 Update 51
26-02-2014 08:18:27 Windows Update

==================== Hosts content: ==========================

2013-12-14 09:19 - 2014-02-27 13:48 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10206171-14D5-4AEE-8AAB-B6074EDEC5BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {10D2B73B-2CBD-429D-9CD0-86F50F8F36CE} - System32\Tasks\{2ECB3BD1-BD37-42E6-98D6-462EE6ABB7E0} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {182BBCCE-23DB-42A4-85A4-D6B3DFE7DA82} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {64C5F6BE-3EB2-4BC7-A653-F45CB65B26B2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-30] (AVAST Software)
Task: {690A627B-0F35-4D83-9BE3-B4B873183491} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7CA52196-F12E-4CDF-9C6E-FCEF1BA8D915} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8AC844BE-B3B8-4C1C-9F0F-3F79C0A6C3EB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {96DD64D5-4EA1-41ED-B9A7-455FF4BDEC09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {B3BE9A92-66FD-4D0C-AECF-6748B9F20270} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {C7C079D3-25D3-4245-895F-490058D0EEC1} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {ED50FAAC-292C-4308-9253-C3172385B93A} - System32\Tasks\{DEAA5464-99A2-4B36-874C-8DAC1FF7098F} => Firefox.exe http://ui.skype.com/ui/0/5.8.0.158.259/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-15 12:40 - 2014-02-15 12:40 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32508145.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32572666.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45852858.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81940613.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\85319584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90348415.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32508145.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32572666.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45852858.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81940613.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\85319584.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90348415.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: AceStream => C:\Users\Conor\AppData\Roaming\ACEStream\engine\ace_engine.exe MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: RapportKE64 Description: RapportKE64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: RapportKE64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: aswVmm Description: aswVmm Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswVmm Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: aswRvrt Description: aswRvrt Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswRvrt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/27/2014 04:00:50 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 03:33:45 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local. Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local. Error: (02/27/2014 03:22:24 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local. Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local. 
Error: (02/27/2014 03:04:32 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 02:35:28 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 02:34:13 PM) (Source: Bonjour Service) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local. System errors: ============= Error: (02/27/2014 04:00:56 PM) (Source: DCOM) (User: ) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (02/27/2014 04:00:06 PM) (Source: Service Control Manager) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:05 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:05 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:05 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service 
which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (02/27/2014 04:00:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 03:33:45 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local. Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local. Error: (02/27/2014 03:22:24 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local. 
Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local. Error: (02/27/2014 03:04:32 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 02:35:28 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/27/2014 02:34:13 PM) (Source: Bonjour Service)(User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local. CodeIntegrity Errors: =================================== Date: 2014-02-27 13:48:01.950 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 13:48:01.528 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 13:48:01.107 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-02-27 13:48:00.686 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-19 17:19:39.843 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-19 17:19:39.297 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-19 17:19:38.735 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-19 17:19:38.174 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-12-24 20:45:41.708 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-24 20:45:40.663 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 3692.02 MB Available physical RAM: 2894.68 MB Total Pagefile: 7382.22 MB Available Pagefile: 6633.86 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:260.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAFC8161) Partition: GPT Partition Type. ==================== End Of Log ============================
-
Hey guys, No idea what has happened to my laptop. I switched it on last night and the problems started! It runs fine for about five minutes and then whenever I run Firefox/other programs it keeps crashing. Also whenever I reboot the system keeps wanting to check my hard drive for consistency which I have only seen probably twice in the two years I've had my laptop. I have managed to run HJT so I have attached the log but DDS wouldn't complete; I left for a good half an hour and nothing! Could anybody help please, I am really desperate! I will probably have to download any programs off another computer and run in safe mode so hopefully that will not affect the process. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 14:08:34, on 27/02/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16518) FIREFOX: 27.0.1 (en-US) Boot mode: Normal Running processes: C:\windows\SysWOW64\pnssosvr.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Windows\SysWOW64\C2MP\UpdateChecker.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\SysWOW64\PNUSBCLITRAY.exe C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe C:\Windows\SysWOW64\PNTray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\windows\SysWOW64\RunDll32.exe C:\Users\Conor\Desktop\Computer Repair\HijackThis.exe C:\windows\SysWOW64\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [pnusbclitray] pnusbclitray.exe O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 208.67.222.123,208.67.220.123,10.192.192.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 208.67.222.123,208.67.220.123 O17 - HKLM\System\CCS\Services\Tcpip\..\{BA778979-A30E-4822-B18E-7E8FE2E428FD}: NameServer = 198.153.192.60,198.153.194.60 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 208.67.222.123,208.67.220.123,10.192.192.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 208.67.222.123,208.67.220.123,10.192.192.1 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bing Desktop Update service (BingDesktopUpdate) - Unknown owner - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Cadence License Manager - Flexera Software, Inc. 
- C:\Cadence\LicenseManager\lmgrd.exe O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: Quest USB Hub Client Service (pnusbvirtualhubwssrv) - Unknown owner - C:\windows\system32\pnusbvirtualhubwssrv.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. 
- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14412 bytes
-
Help! Reasonably fast Laptop really slow from no where
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
AdwCleaner Log: # AdwCleaner v3.010 - Report created 31/10/2013 at 11:17:05 # Updated 20/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Conor - Conor-PC # Running from : C:\Users\Conor\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Conor\AppData\Roaming\thinstall ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\98llgyia.default-1382598762311\prefs.js ] [ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\aemi6jha.default-1358357058997\prefs.js ] [ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ] ************************* AdwCleaner[R0].txt - [1751 octets] - [31/10/2013 11:17:05] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1811 octets] ########## SecurityCheck Log Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.9.900.117 Mozilla Firefox (24.0) ````````Process Check: objlist.exe by Laurent```````` Comodo Firewall cmdagent.exe Comodo Firewall cfp.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 8% ````````````````````End of Log`````````````````````` -
Help! Reasonably fast Laptop really slow from no where
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Can you please list software that is cracked please so I can remove? I have deleted the KMS Emulator and AutoKMS because I know for a fact that is a crack. -
Help! Reasonably fast Laptop really slow from no where
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
MBAM Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.29.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Conor :: Conor-PC [administrator]
29/10/2013 18:33:02
mbam-log-2013-10-29 (18-33-02).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 536934
Time elapsed: 5 hour(s), 7 minute(s), 14 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 3
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\130808194733583.rsc (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\131028113319671.rsc (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Conor\AppData\Roaming\Thinstall\MATLAB R2007b\4000003900003i\matlab.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
(end)

ESET Log:
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\130825111737855.rsc a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\131018172051034.rsc Win32/InstalleRex.K application
C:\Windows\KMSEmulator.exe Win32/HackKMS.A application
C:\Windows\AutoKMS\AutoKMS.exe MSIL/HackKMS.A application
-
Help! Reasonably fast Laptop really slow from no where
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Hi. The message I got was: 'Windows Resource Protection did not find any integrity violations.' -
Help! Reasonably fast Laptop really slow from no where
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Log Name: Application Source: Microsoft-Windows-Wininit Date: 29/04/2013 20:02:16 Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: Conor-PC Description: Checking file system on C: The type of the file system is NTFS. Volume label is OS. One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 3)... Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0xe73d1 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0xf76d is already in use. Deleting corrupt attribute record (128, "") from file record segment 63341. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x1e006f for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x12078 is already in use. Deleting corrupt attribute record (128, "") from file record segment 73848. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x1547f4 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x1c422 is already in use. Deleting corrupt attribute record (128, "") from file record segment 115746. Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x157849 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x202ee is already in use. Deleting corrupt attribute record (128, "") from file record segment 131822. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x15759d for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x22e10 is already in use. Deleting corrupt attribute record (128, "") from file record segment 142864. 
Attribute record of type 0x80 and instance tag 0x3 is cross linked starting at 0x1e0669 for possibly 0x3 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x3 in file 0x23312 is already in use. Deleting corrupt attribute record (128, "") from file record segment 144146. Attribute record of type 0x80 and instance tag 0x4 is cross linked starting at 0x25b621 for possibly 0x1 clusters. Some clusters occupied by attribute of type 0x80 and instance tag 0x4 in file 0x26bfa is already in use. Deleting corrupt attribute record (128, "") from file record segment 158714. The attribute of type 0x80 and instance tag 0x0 in file 0x2b847 has allocated length of 0x3a5000 instead of 0x3a3000. Deleted corrupt attribute list entry with type code 128 in file 178247. Unable to locate attribute with instance tag 0x0 and segment reference 0x4400000000f333. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 62259. Unable to locate attribute with instance tag 0x0 and segment reference 0x64000000025322. The expected attribute type is 0x80. Deleting corrupt attribute record (128, "") from file record segment 152354. 374016 file records processed. File verification completed. Deleting orphan file record segment 62259. Deleting orphan file record segment 152354. 365 large file records processed. 0 bad file records processed. 0 EA records processed. 58 reparse records processed. CHKDSK is verifying indexes (stage 2 of 3)... The object id index entry in file 0x19 points to file 0x1fe83 but the file has no object id in it. Deleting an index entry from index $O of file 25. The object id index entry in file 0x19 points to file 0x1feab but the file has no object id in it. Deleting an index entry from index $O of file 25. The object id in file 0x1c237 does not appear in the object id index in file 0x19. Inserting an index entry into index $O of file 25. 
The object id in file 0x1cb2d does not appear in the object id index in file 0x19. Inserting an index entry into index $O of file 25. Unable to locate the file name attribute of index entry ~$Letter.docx of index $I30 with parent 0x1fe in file 0x230b5. Deleting index entry ~$Letter.docx in index $I30 of file 510. Unable to locate the file name attribute of index entry ~$LETT~1.DO~ of index $I30 with parent 0x1fe in file 0x230b5. Deleting index entry ~$LETT~1.DO~ in index $I30 of file 510. Unable to locate the file name attribute of index entry Letter.lnk of index $I30 with parent 0x20d in file 0x22e2d. Deleting index entry Letter.lnk in index $I30 of file 525. 434804 index entries processed. Index verification completed. CHKDSK is scanning unindexed files for reconnect to their original directory. Recovering orphaned file prefs.js (46173) into directory file 61099. Recovering orphaned file TEMPFI~1.TMP (74711) into directory file 147916. Recovering orphaned file Temp File.tmp (74711) into directory file 147916. Recovering orphaned file C96359~1.DMP (115314) into directory file 71778. Recovering orphaned file c9635914-acee-47cf-85f6-fcd391205a94.dmp (115314) into directory file 71778. Recovering orphaned file MOZILL~1.LNK (117549) into directory file 167324. Recovering orphaned file Mozilla Firefox.lnk (117549) into directory file 167324. Recovering orphaned file LOCALS~1.RDF (142864) into directory file 61099. Recovering orphaned file localstore.rdf (142864) into directory file 61099. Recovering orphaned file {7781B~1 (143723) into directory file 3047. Recovering orphaned file {7781bee5-2ad4-43b9-9a37-8e49daefebfa} (143723) into directory file 3047. 12 unindexed files scanned. CHKDSK is recovering remaining unindexed files. 6 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 3)... 374016 file SDs/SIDs processed. Cleaning up 538 unused index entries from index $SII of file 0x9. 
Cleaning up 538 unused index entries from index $SDH of file 0x9. Cleaning up 538 unused security descriptors. Security descriptor verification completed. Inserting data attribute into file 63341. Inserting data attribute into file 73848. Inserting data attribute into file 115746. Inserting data attribute into file 131822. Inserting data attribute into file 142864. Inserting data attribute into file 144146. Inserting data attribute into file 158714. Inserting data attribute into file 178247. 30403 data files processed. CHKDSK is verifying Usn Journal... 37735448 USN bytes processed. Usn Journal verification completed. Correcting errors in the master file table's (MFT) BITMAP attribute. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 472922135 KB total disk space. 62973084 KB in 157518 files. 89872 KB in 30397 indexes. 0 KB in bad sectors. 492611 KB in use by the system. 65536 KB occupied by the log file. 409366568 KB available on disk. 4096 bytes in each allocation unit. 118230533 total allocation units on disk. 102341642 allocation units available on disk. Internal Info: 00 b5 05 00 1c de 02 00 89 3d 05 00 00 00 00 00 .........=...... b5 08 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 ....:........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. 
-
Help! Reasonably fast Laptop really slow from no where
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Hi, thanks for the response. Please find log attached. ark.txt.txt -
Hi, As the title says, my laptop has gone from consistent to very slow in the space of a day. I have run MBAM and it detected no viruses. All firewalls (Comodo) and AntiVirus (Avast) are constantly updated. Please help me, would really appreciate it! Hope the logs attached help too. Thank you in advance. attach.txt dds.txt
-
Extremely slow computer out of nowhere :(
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Brilliant! Thank you so much for your time. Have installed WinPatrol as well. Thanks again! -
Extremely slow computer out of nowhere :(
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Wow, that took a while!
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Conor\AppData\Local\Temp\is-RMSK9.tmp\OCSetupHlp.dll Win32/OpenCandy application
C:\Users\Conor\Downloads\InstallTheWebBlockerzip\TheWebBlocker.exe a variant of Win32/Somoto.A application
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application
C:\Windows\AutoKMS\AutoKMS.exe a variant of Win32/HackKMS.B application
-
Extremely slow computer out of nowhere :(
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Looking much better to me. Do you feel it is all clean now?

MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.03.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Conor :: CONOR-PC [administrator]
03/05/2013 15:00:33
mbam-log-2013-05-03 (15-00-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223235
Time elapsed: 9 minute(s), 13 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:14:46, on 03/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Users\Conor\Desktop\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Control Center] C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe -mini O4 - HKLM\..\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\..\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 208.67.222.123,208.67.220.123 O17 - HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 
8.26.56.26,156.154.70.22 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: GamesAppService - WildTangent, Inc. 
- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GeekBuddyRSP Service (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. 
- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11916 bytes -
Extremely slow computer out of nowhere :(
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Seems to be OK. I've attached fresh logs for you below anyway, just in case you find anything else. attach.txt dds.txt hijackthis.log -
Extremely slow computer out of nowhere :(
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
I tried that but still not helping. Keeps 'Not responding' then I have to end the process... Anything else we can try? Thanks for your help so far!