Posts posted by ccfc1987
Hey Gringo, thank you for the reply!
As a heads up, I have had no choice but to download and run the programs in Safe Mode with Networking.
Below are the two logs you require:
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Conor (administrator) on Conor-PC on 27-02-2014 16:04:19
Running from C:\Users\Conor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Quest Software) C:\windows\SysWOW64\pnssosvr.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [tvncontrol] - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-30] (AVAST Software)
HKLM-x32\...\Run: [pnusbclitray] - pnusbclitray.exe
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6A93B21087ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 10.192.192.1
Tcpip\..\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: [NameServer]208.67.222.123,208.67.220.123,10.192.192.1
Tcpip\..\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: [NameServer]208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{BA778979-A30E-4822-B18E-7E8FE2E428FD}: [NameServer]198.153.192.60,198.153.194.60
FireFox:
========
FF ProfilePath: C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\ue1pm6q0.default-1392630538753
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.1.5.3 - C:\Users\Conor\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Conor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-03]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-24]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-24]
==================== Services (Whitelisted) =================
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-06] (Advanced Micro Devices, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-30] (AVAST Software)
S2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1814352 2011-08-30] (Flexera Software, Inc.)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-01-20] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-01-20] (Comodo Security Solutions, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2012-11-22] ()
S2 pnusbvirtualhubwssrv; C:\windows\system32\pnusbvirtualhubwssrv.exe [473600 2013-10-29] (Quest Software)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-01-22] (Trusteer Ltd.)
S2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]
S2 lmgrd; "C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe" [X]
==================== Drivers (Whitelisted) ====================
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-30] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-22] ()
S1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-01-30] (AVAST Software)
S1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-01-30] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-01-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-30] ()
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)
S2 pnpnptool; C:\windows\system32\Drivers\pnpnptool.sys [51736 2013-10-29] (Quest Software)
S3 pnusbd; C:\windows\system32\Drivers\pnusbd.sys [37272 2013-10-29] (Quest Software)
S1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-25] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-01-22] (Trusteer Ltd.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [233336 2014-01-31] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-01-22] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-01-22] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 KUSBusByTCPMasterBus; System32\Drivers\KUSBusByTCPMasterBus.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-27 15:51 - 2014-02-27 15:51 - 00000000 __SHD () C:\found.005
2014-02-27 15:34 - 2014-02-27 16:04 - 00015903 _____ () C:\Users\Conor\Desktop\FRST.txt
2014-02-27 15:34 - 2014-02-27 15:34 - 00000000 ____D () C:\FRST
2014-02-27 15:24 - 2014-02-27 15:24 - 02155520 _____ (Farbar) C:\Users\Conor\Desktop\FRST64.exe
2014-02-27 14:08 - 2014-02-27 14:08 - 00014414 _____ () C:\Users\Conor\Desktop\hijackthis.log
2014-02-27 14:07 - 2014-02-27 14:08 - 00000000 ____D () C:\Users\Conor\Desktop\Computer Repair
2014-02-27 13:53 - 2014-02-27 13:53 - 00028833 _____ () C:\ComboFix.txt
2014-02-27 13:22 - 2014-02-27 13:22 - 00000000 ____D () C:\found.004
2014-02-27 08:30 - 2014-02-27 15:31 - 00000840 _____ () C:\windows\setupact.log
2014-02-27 08:30 - 2014-02-27 08:30 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 08:29 - 2014-02-27 13:54 - 00005352 _____ () C:\windows\PFRO.log
2014-02-26 13:07 - 2014-02-26 13:07 - 00013344 ____N () C:\bootsqm.dat
2014-02-26 13:00 - 2014-02-26 13:00 - 00000000 ____D () C:\found.003
2014-02-26 08:21 - 2014-02-27 12:54 - 00000000 ____D () C:\7fcdf01e3cb87b5371c943805f224414
2014-02-25 20:02 - 2014-02-25 20:01 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-02-25 20:01 - 2014-02-25 20:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-02-25 20:01 - 2014-02-25 20:01 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-02-25 20:01 - 2014-02-25 20:01 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-25 20:01 - 2014-02-25 20:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-23 11:29 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Billy Elliot 2000 1080p BDRip x264 AC3-KINGDOM
2014-02-23 11:24 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Little.Fockers.DVDRip.XviD-DEFACED
2014-02-20 11:03 - 2014-02-23 11:29 - 00000000 ____D () C:\Users\Conor\Downloads\Gavin and Stacey (Complete Collection)
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-15 12:40 - 2014-02-27 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 03:54 - 2014-02-14 03:54 - 00462208 _____ () C:\windows\system32\FNTCACHE.DAT
2014-02-14 03:04 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-14 03:04 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-14 03:03 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-14 03:03 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-14 03:03 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-14 03:03 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-14 03:03 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-14 03:03 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-14 03:03 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-14 03:03 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-14 03:03 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-14 03:03 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-14 03:03 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-14 03:03 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-14 03:03 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-14 03:03 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-14 03:03 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-14 03:03 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-14 03:03 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-14 03:03 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-14 03:03 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-14 03:03 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-14 03:02 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-14 03:02 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-14 03:02 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-14 03:02 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-14 03:02 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-14 03:02 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-14 03:02 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-14 03:02 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-14 03:02 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-14 03:02 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-14 03:02 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-14 03:02 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-14 03:02 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-14 03:02 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-14 03:02 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-14 03:02 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-14 03:02 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 09:41 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Love Actually (2003)
2014-02-13 09:40 - 2014-02-16 22:14 - 00000000 ____D () C:\Users\Conor\Downloads\The Holiday (2006)
2014-02-13 09:27 - 2014-02-27 12:53 - 00000000 ____D () C:\Users\Conor\Downloads\Notting Hill (1999)
2014-02-13 09:27 - 2014-02-14 20:40 - 00000000 ____D () C:\Users\Conor\Downloads\What Women Want (2000)
2014-02-12 21:54 - 2013-12-31 23:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-12 21:54 - 2013-12-31 23:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-12 21:53 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-12 21:53 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-12 21:53 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-12 21:53 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-12 21:53 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-12 21:53 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-12 21:53 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-12 21:53 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-12 21:53 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-12 21:53 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-12 21:53 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-12 21:53 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-12 21:53 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-12 21:53 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-12 21:53 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 21:53 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-12 21:53 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-12 21:53 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 21:53 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-12 21:53 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-12 21:53 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-12 21:53 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-12 21:53 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 21:53 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 21:53 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-12 21:53 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-12 13:56 - 2014-02-12 13:56 - 00126520 _____ () C:\Users\Conor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-03 16:13 - 2014-02-03 16:16 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs 2 (2013)
2014-02-02 22:44 - 2014-02-02 22:44 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs (2009)
2014-01-30 13:36 - 2014-02-27 13:31 - 00002214 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-30 13:36 - 2014-01-30 13:35 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-01-30 13:34 - 2014-01-30 13:34 - 00000873 _____ () C:\Users\Public\Desktop\VLC media player.lnk
==================== One Month Modified Files and Folders =======
2014-02-27 16:04 - 2014-02-27 15:34 - 00015903 _____ () C:\Users\Conor\Desktop\FRST.txt
2014-02-27 16:02 - 2009-07-14 05:13 - 00786622 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-27 15:51 - 2014-02-27 15:51 - 00000000 __SHD () C:\found.005
2014-02-27 15:34 - 2014-02-27 15:34 - 00000000 ____D () C:\FRST
2014-02-27 15:34 - 2012-08-01 14:44 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-02-27 15:34 - 2011-11-27 21:23 - 01621939 _____ () C:\windows\WindowsUpdate.log
2014-02-27 15:32 - 2013-11-19 14:25 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 15:32 - 2013-10-16 06:59 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-27 15:32 - 2011-11-27 23:18 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-02-27 15:32 - 2011-11-27 23:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-02-27 15:32 - 2011-11-27 23:07 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-27 15:31 - 2014-02-27 08:30 - 00000840 _____ () C:\windows\setupact.log
2014-02-27 15:31 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-27 15:24 - 2014-02-27 15:24 - 02155520 _____ (Farbar) C:\Users\Conor\Desktop\FRST64.exe
2014-02-27 15:14 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 15:14 - 2009-07-14 04:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 15:12 - 2012-08-19 21:03 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 14:08 - 2014-02-27 14:08 - 00014414 _____ () C:\Users\Conor\Desktop\hijackthis.log
2014-02-27 14:08 - 2014-02-27 14:07 - 00000000 ____D () C:\Users\Conor\Desktop\Computer Repair
2014-02-27 13:59 - 2013-11-19 14:25 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 13:54 - 2014-02-27 08:29 - 00005352 _____ () C:\windows\PFRO.log
2014-02-27 13:53 - 2014-02-27 13:53 - 00028833 _____ () C:\ComboFix.txt
2014-02-27 13:53 - 2013-06-01 10:34 - 00000000 ____D () C:\Qoobox
2014-02-27 13:48 - 2009-07-14 02:34 - 00000215 _____ () C:\windows\system.ini
2014-02-27 13:31 - 2014-01-30 13:36 - 00002214 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-27 13:22 - 2014-02-27 13:22 - 00000000 ____D () C:\found.004
2014-02-27 12:54 - 2014-02-26 08:21 - 00000000 ____D () C:\7fcdf01e3cb87b5371c943805f224414
2014-02-27 12:54 - 2014-02-15 12:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-27 12:54 - 2013-12-12 23:46 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-27 12:54 - 2013-06-01 16:15 - 00000000 ____D () C:\Program Files\My Dell
2014-02-27 12:53 - 2014-02-23 11:29 - 00000000 ____D () C:\Users\Conor\Downloads\Billy Elliot 2000 1080p BDRip x264 AC3-KINGDOM
2014-02-27 12:53 - 2014-02-23 11:24 - 00000000 ____D () C:\Users\Conor\Downloads\Little.Fockers.DVDRip.XviD-DEFACED
2014-02-27 12:53 - 2014-02-13 09:41 - 00000000 ____D () C:\Users\Conor\Downloads\Love Actually (2003)
2014-02-27 12:53 - 2014-02-13 09:27 - 00000000 ____D () C:\Users\Conor\Downloads\Notting Hill (1999)
2014-02-27 12:53 - 2014-01-15 18:07 - 00000000 ____D () C:\Users\Conor\Downloads\National Lampoons Vacation (1983)
2014-02-27 12:53 - 2014-01-04 21:16 - 00000000 ____D () C:\Users\Conor\Downloads\The Damned United
2014-02-27 12:53 - 2014-01-04 13:57 - 00000000 ____D () C:\Users\Conor\Downloads\An Idiot Abroad
2014-02-27 12:53 - 2013-11-16 13:09 - 00000000 ____D () C:\Users\Conor\Downloads\Max and Paddys' Road to Nowhere (Complete Collection)
2014-02-27 12:53 - 2013-06-24 12:04 - 00000000 ____D () C:\Users\Conor\AppData\Roaming\BitTorrent
2014-02-27 12:53 - 2013-05-18 10:25 - 00000000 ____D () C:\Users\Conor\Desktop\Virus Scans (Run Weekly!)
2014-02-27 12:53 - 2013-05-05 08:38 - 00000000 ____D () C:\Users\Conor\AppData\Roaming\vlc
2014-02-27 12:53 - 2012-08-19 21:03 - 00000000 ____D () C:\windows\system32\Macromed
2014-02-27 12:53 - 2012-08-13 20:28 - 00000000 ____D () C:\windows\erdnt
2014-02-27 12:53 - 2012-03-11 14:20 - 00000000 ____D () C:\Users\Conor
2014-02-27 12:53 - 2011-11-27 23:13 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-02-27 12:53 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\rescache
2014-02-27 12:53 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\registration
2014-02-27 12:53 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\AppCompat
2014-02-27 08:34 - 2011-11-27 22:39 - 00000000 ____D () C:\ProgramData\Sonic
2014-02-27 08:30 - 2014-02-27 08:30 - 00000000 _____ () C:\windows\setuperr.log
2014-02-27 08:28 - 2013-08-25 10:01 - 00000000 ____D () C:\AdwCleaner
2014-02-26 13:07 - 2014-02-26 13:07 - 00013344 ____N () C:\bootsqm.dat
2014-02-26 13:00 - 2014-02-26 13:00 - 00000000 ____D () C:\found.003
2014-02-26 12:30 - 2009-07-14 05:08 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-26 11:29 - 2011-11-27 21:44 - 00770932 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-25 20:19 - 2013-10-22 12:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-25 20:01 - 2014-02-25 20:02 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-02-25 20:01 - 2014-02-25 20:01 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-02-25 20:01 - 2014-02-25 20:01 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-02-25 20:01 - 2014-02-25 20:01 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-25 20:01 - 2014-02-25 20:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-23 18:23 - 2013-06-01 17:59 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
2014-02-23 11:29 - 2014-02-20 11:03 - 00000000 ____D () C:\Users\Conor\Downloads\Gavin and Stacey (Complete Collection)
2014-02-23 11:29 - 2014-01-09 21:31 - 00000000 ____D () C:\Users\Conor\Downloads\Cast Away (2000)
2014-02-23 11:22 - 2013-12-18 22:43 - 00000000 ____D () C:\Users\Conor\Downloads\Anchorman The Legend Of Ron Burgundy (2004)
2014-02-21 22:00 - 2012-03-22 16:50 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-21 19:37 - 2012-03-11 14:25 - 00000000 ____D () C:\Users\Conor\Desktop\BEng Electronic Engineering
2014-02-21 10:23 - 2012-08-19 21:03 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 10:22 - 2012-08-19 21:03 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 10:22 - 2012-08-19 21:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 09:08 - 2012-08-14 18:32 - 00000000 ____D () C:\windows\Minidump
2014-02-19 17:15 - 2013-10-21 16:10 - 00000236 _____ () C:\Users\Conor\quartus2.ini
2014-02-19 16:19 - 2013-11-08 13:12 - 00036352 ___SH () C:\Users\Conor\Thumbs.db
2014-02-17 00:08 - 2013-05-03 12:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 23:38 - 2013-08-14 21:07 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 23:32 - 2012-08-01 22:05 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-16 22:14 - 2014-02-13 09:40 - 00000000 ____D () C:\Users\Conor\Downloads\The Holiday (2006)
2014-02-15 23:46 - 2014-02-15 23:46 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-14 20:40 - 2014-02-13 09:27 - 00000000 ____D () C:\Users\Conor\Downloads\What Women Want (2000)
2014-02-14 03:54 - 2014-02-14 03:54 - 00462208 _____ () C:\windows\system32\FNTCACHE.DAT
2014-02-12 21:15 - 2013-09-28 10:58 - 00000000 ____D () C:\_acestream_cache_
2014-02-12 21:15 - 2013-09-14 16:39 - 00000000 ____D () C:\Users\Conor\AppData\Roaming\.ACEStream
2014-02-12 13:56 - 2014-02-12 13:56 - 00126520 _____ () C:\Users\Conor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-07 09:54 - 2013-11-19 14:25 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-07 09:54 - 2013-11-19 14:25 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 12:16 - 2014-02-14 03:02 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-14 03:03 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-14 03:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-14 03:02 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-14 03:03 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-14 03:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-14 03:03 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-14 03:03 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-14 03:03 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-14 03:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-14 03:02 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-14 03:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-14 03:02 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-14 03:03 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-14 03:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-14 03:03 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-14 03:02 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-14 03:03 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-14 03:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-14 03:03 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 09:57 - 2014-02-14 03:02 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 09:52 - 2014-02-14 03:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-14 03:03 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-14 03:02 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-14 03:03 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-14 03:03 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-14 03:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-14 03:03 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 09:25 - 2014-02-14 03:02 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 09:24 - 2014-02-14 03:02 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-14 03:02 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-14 03:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-14 03:02 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-14 03:02 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-14 03:02 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-14 03:02 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-14 03:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-14 03:02 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-14 03:02 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-03 16:16 - 2014-02-03 16:13 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs 2 (2013)
2014-02-02 22:44 - 2014-02-02 22:44 - 00000000 ____D () C:\Users\Conor\Downloads\Cloudy with a Chance of Meatballs (2009)
2014-01-30 13:35 - 2014-01-30 13:36 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-01-30 13:35 - 2013-04-20 10:23 - 00207904 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-01-30 13:35 - 2012-05-03 13:07 - 01038072 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-01-30 13:35 - 2012-05-03 13:07 - 00421704 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-01-30 13:35 - 2012-05-03 13:07 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-01-30 13:35 - 2012-05-03 13:07 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-01-30 13:35 - 2012-05-03 13:06 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-01-30 13:34 - 2014-01-30 13:34 - 00000873 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-30 13:32 - 2013-04-20 10:14 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-30 13:32 - 2012-08-09 22:20 - 00000000 ____D () C:\Program Files\CCleaner
Files to move or delete:
====================
C:\Users\Conor\aio_install.exe
Some content of TEMP:
====================
C:\Users\Conor\AppData\Local\Temp\bk2xdl0e.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-19 18:02
==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Conor at 2014-02-27 16:05:53
Running from C:\Users\Conor\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Defense+ (Disabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Ace Stream Media 2.1.5.3 (HKCU\...\AceStream) (Version: 2.1.5.3 - Ace Stream Media)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0806.105.31 - AMD) Hidden
AMD Media Foundation Decoders (Version: 1.0.60805.2350 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0806.105.31 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10806 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{8F56EA58-DCEE-8262-12AC-5C7ED4B3FE01}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.3 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30182 - BitTorrent Inc.)
BlackBerry Desktop Software 7.0 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.0.0.59 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.0 (x32 Version: 7.0.0.59 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{38676C9C-270F-43D1-926A-E45DE8820A6B}) (Version: 7.1.0.34 - Research In Motion Ltd)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
C4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (x32 Version: 82.0.210.000 - Hewlett-Packard) Hidden
Cadence License Manager 12.01 (HKLM-x32\...\{2A83C3BE-15D0-4AFD-8F23-FD7B6E5BBD97}) (Version: 12.01.0000 - Cadence Design Systems)
Cadence SPB/OrCAD 16.6 (HKCU\...\{4CA5F148-A11D-4D37-A2D3-CCFC671F113C}) (Version: 16.60.000 - Cadence Design Systems, Inc.)
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0806.105.31 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0806.105.31 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0806.105.31 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0806.105.31 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help English (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help French (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help German (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0806.0104.31 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0806.0104.31 - ATI) Hidden
ccc-utility64 (Version: 2011.0806.105.31 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Crystal Reports 2008 Runtime (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.0.0.683 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
Escape Whisper Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FIFA 14 Demo (HKLM-x32\...\{7A6577E7-F341-430F-9173-91E14E2DE270}) (Version: 1.0.0.0 - Electronic Arts)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
GeekBuddy (HKLM-x32\...\{3BD70150-9D30-488F-8CA7-CE99EF8324CC}) (Version: 4.10.86 - Comodo Security Solutions Inc)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
GTAIII (HKLM-x32\...\{92B94569-6683-4617-8C54-EB27A1B51B30}) (Version: - )
High-Definition Video Playback (x32 Version: 11.1.11100.4.196 - Nero AG) Hidden
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.83PL0 (HKLM-x32\...\PICC 9.83) (Version: 9.83 - HI-TECH Software)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MATLAB R2011b (HKLM\...\Matlab R2011b) (Version: 7.13 - The MathWorks, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Media Player Codec Pack 4.2.9 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.9 - Media Player Codec Pack)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 10.0 - PlotSoft LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PS_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quartus II 9.1sp2 Web Edition (HKLM-x32\...\{4A8CFC2B-2E30-4D00-98A5-A9D32E747C28}) (Version: 9.1sp2 - Altera Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1304.46 - Trusteer) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel Protection Installer 7.1.0 (HKLM\...\{4C1A3B65-E284-4F04-822F-3774E0CEEF67}) (Version: 7.1.0 - Safenet Inc,)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Sopcast Toolbar (HKLM-x32\...\{53504356-3700-A76A-76A7-A758B70C0300}) (Version: 12.3.0.840 - APN, LLC)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TomTom HOME (HKLM-x32\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.3 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.46 - Trusteer)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.0.0.0 - Azureus Software, Inc.)
vWorkspace Connector for Web Access (HKLM-x32\...\{2F592C28-8F7C-414E-A07A-74FDE6726857}) (Version: 7.6.0.845 - Quest Software)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
19-02-2014 16:37:45 ComboFix created restore point
21-02-2014 19:36:55 Windows Update
25-02-2014 19:59:59 Installed Java 7 Update 51
26-02-2014 08:18:27 Windows Update
==================== Hosts content: ==========================
2013-12-14 09:19 - 2014-02-27 13:48 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {10206171-14D5-4AEE-8AAB-B6074EDEC5BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {10D2B73B-2CBD-429D-9CD0-86F50F8F36CE} - System32\Tasks\{2ECB3BD1-BD37-42E6-98D6-462EE6ABB7E0} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsProgressBar
Task: {182BBCCE-23DB-42A4-85A4-D6B3DFE7DA82} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {64C5F6BE-3EB2-4BC7-A653-F45CB65B26B2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-30] (AVAST Software)
Task: {690A627B-0F35-4D83-9BE3-B4B873183491} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7CA52196-F12E-4CDF-9C6E-FCEF1BA8D915} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8AC844BE-B3B8-4C1C-9F0F-3F79C0A6C3EB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {96DD64D5-4EA1-41ED-B9A7-455FF4BDEC09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19] (Google Inc.)
Task: {B3BE9A92-66FD-4D0C-AECF-6748B9F20270} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {C7C079D3-25D3-4245-895F-490058D0EEC1} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {ED50FAAC-292C-4308-9253-C3172385B93A} - System32\Tasks\{DEAA5464-99A2-4B36-874C-8DAC1FF7098F} => Firefox.exe http://ui.skype.com/ui/0/5.8.0.158.259/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-15 12:40 - 2014-02-15 12:40 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32508145.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32572666.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45852858.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81940613.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\85319584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90348415.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32508145.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32572666.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45852858.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81940613.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\85319584.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90348415.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: AceStream => C:\Users\Conor\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: RapportKE64
Description: RapportKE64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportKE64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/27/2014 04:00:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 03:33:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local.
Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local.
Error: (02/27/2014 03:22:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local.
Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local.
Error: (02/27/2014 03:04:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 02:35:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 02:34:13 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local.
System errors:
=============
Error: (02/27/2014 04:00:56 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (02/27/2014 04:00:06 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (02/27/2014 04:00:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Microsoft Office Sessions:
=========================
Error: (02/27/2014 04:00:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 03:33:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local.
Error: (02/27/2014 03:32:20 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local.
Error: (02/27/2014 03:22:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local.
Error: (02/27/2014 03:17:58 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 10.192.193.15:5353 18 15.193.192.10.in-addr.arpa. PTR Conor-PC-2.local.
Error: (02/27/2014 03:04:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 02:35:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/27/2014 02:34:13 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 15.193.192.10.in-addr.arpa. PTR Conor-PC.local.
CodeIntegrity Errors:
===================================
Date: 2014-02-27 13:48:01.950
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-27 13:48:01.528
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-27 13:48:01.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-27 13:48:00.686
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-19 17:19:39.843
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-19 17:19:39.297
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-19 17:19:38.735
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-19 17:19:38.174
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-12-24 20:45:41.708
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-12-24 20:45:40.663
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 3692.02 MB
Available physical RAM: 2894.68 MB
Total Pagefile: 7382.22 MB
Available Pagefile: 6633.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:260.52 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BAFC8161)
Partition: GPT Partition Type.
==================== End Of Log ============================
Hey guys,
No idea what has happened to my laptop. I switched it on last night and the problems started! It runs fine for about five minutes and then whenever I run Firefox/other programs it keeps crashing.
Also whenever I reboot the system keeps wanting to check my hard drive for consistency which I have only seen probably twice in the two years I've had my laptop. I have managed to run HJT so I have attached the log but DDS wouldn't complete; I left for a good half an hour and nothing!
Could anybody help please, I am really desperate! I will probably have to download any programs off another computer and run in safe mode so hopefully that will not affect the process.
Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:08:34, on 27/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
FIREFOX: 27.0.1 (en-US)
Boot mode: Normal
Running processes:
C:\windows\SysWOW64\pnssosvr.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\PNUSBCLITRAY.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Windows\SysWOW64\PNTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Users\Conor\Desktop\Computer Repair\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [pnusbclitray] pnusbclitray.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 208.67.222.123,208.67.220.123,10.192.192.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 208.67.222.123,208.67.220.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA778979-A30E-4822-B18E-7E8FE2E428FD}: NameServer = 198.153.192.60,198.153.194.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 208.67.222.123,208.67.220.123,10.192.192.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 208.67.222.123,208.67.220.123,10.192.192.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bing Desktop Update service (BingDesktopUpdate) - Unknown owner - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cadence License Manager - Flexera Software, Inc. - C:\Cadence\LicenseManager\lmgrd.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: Flexlm (lmgrd) - Unknown owner - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Quest USB Hub Client Service (pnusbvirtualhubwssrv) - Unknown owner - C:\windows\system32\pnusbvirtualhubwssrv.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14412 bytes
-
AdwCleaner Log:
# AdwCleaner v3.010 - Report created 31/10/2013 at 11:17:05
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Conor - Conor-PC
# Running from : C:\Users\Conor\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Conor\AppData\Roaming\thinstall
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\98llgyia.default-1382598762311\prefs.js ]
[ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\aemi6jha.default-1358357058997\prefs.js ]
[ File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
*************************
AdwCleaner[R0].txt - [1751 octets] - [31/10/2013 11:17:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1811 octets] ##########
SecurityCheck Log
Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.9.900.117
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
-
Can you please list the software that is cracked so I can remove it?
I have deleted the KMS Emulator and AutoKMS because I know for a fact that is a crack.
-
MBAM Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.29.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Conor :: Conor-PC [administrator]
29/10/2013 18:33:02
mbam-log-2013-10-29 (18-33-02).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 536934
Time elapsed: 5 hour(s), 7 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\130808194733583.rsc (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\131028113319671.rsc (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Conor\AppData\Roaming\Thinstall\MATLAB R2007b\4000003900003i\matlab.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
(end)
ESET Log:
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\130825111737855.rsc a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Conor\AppData\Roaming\Auslogics\Rescue\Boost Speed\131018172051034.rsc Win32/InstalleRex.K application
C:\Windows\KMSEmulator.exe Win32/HackKMS.A application
C:\Windows\AutoKMS\AutoKMS.exe MSIL/HackKMS.A application
-
Hi.
The message I got was:
'Windows Resource Protection did not find any integrity violations.'
-
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 29/04/2013 20:02:16
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Conor-PC
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 3)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xe73d1 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0xf76d is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 63341.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1e006f for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x12078 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 73848.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1547f4 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1c422 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 115746.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x157849 for possibly 0x3 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x202ee is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 131822.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x15759d for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x22e10 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 142864.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1e0669 for possibly 0x3 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x23312 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 144146.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x25b621 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x26bfa is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 158714.
The attribute of type 0x80 and instance tag 0x0 in file 0x2b847
has allocated length of 0x3a5000 instead of 0x3a3000.
Deleted corrupt attribute list entry
with type code 128 in file 178247.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x4400000000f333. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 62259.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x64000000025322. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, "")
from file record segment 152354.
374016 file records processed.
File verification completed.
Deleting orphan file record segment 62259.
Deleting orphan file record segment 152354.
365 large file records processed.
0 bad file records processed.
0 EA records processed.
58 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
The object id index entry in file 0x19 points to file 0x1fe83
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id index entry in file 0x19 points to file 0x1feab
but the file has no object id in it.
Deleting an index entry from index $O of file 25.
The object id in file 0x1c237 does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 25.
The object id in file 0x1cb2d does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 25.
Unable to locate the file name attribute of index entry ~$Letter.docx
of index $I30 with parent 0x1fe in file 0x230b5.
Deleting index entry ~$Letter.docx in index $I30 of file 510.
Unable to locate the file name attribute of index entry ~$LETT~1.DO~
of index $I30 with parent 0x1fe in file 0x230b5.
Deleting index entry ~$LETT~1.DO~ in index $I30 of file 510.
Unable to locate the file name attribute of index entry Letter.lnk
of index $I30 with parent 0x20d in file 0x22e2d.
Deleting index entry Letter.lnk in index $I30 of file 525.
434804 index entries processed.
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file prefs.js (46173) into directory file 61099.
Recovering orphaned file TEMPFI~1.TMP (74711) into directory file 147916.
Recovering orphaned file Temp File.tmp (74711) into directory file 147916.
Recovering orphaned file C96359~1.DMP (115314) into directory file 71778.
Recovering orphaned file c9635914-acee-47cf-85f6-fcd391205a94.dmp (115314) into directory file 71778.
Recovering orphaned file MOZILL~1.LNK (117549) into directory file 167324.
Recovering orphaned file Mozilla Firefox.lnk (117549) into directory file 167324.
Recovering orphaned file LOCALS~1.RDF (142864) into directory file 61099.
Recovering orphaned file localstore.rdf (142864) into directory file 61099.
Recovering orphaned file {7781B~1 (143723) into directory file 3047.
Recovering orphaned file {7781bee5-2ad4-43b9-9a37-8e49daefebfa} (143723) into directory file 3047.
12 unindexed files scanned.
CHKDSK is recovering remaining unindexed files.
6 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
374016 file SDs/SIDs processed.
Cleaning up 538 unused index entries from index $SII of file 0x9.
Cleaning up 538 unused index entries from index $SDH of file 0x9.
Cleaning up 538 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 63341.
Inserting data attribute into file 73848.
Inserting data attribute into file 115746.
Inserting data attribute into file 131822.
Inserting data attribute into file 142864.
Inserting data attribute into file 144146.
Inserting data attribute into file 158714.
Inserting data attribute into file 178247.
30403 data files processed.
CHKDSK is verifying Usn Journal...
37735448 USN bytes processed.
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
472922135 KB total disk space.
62973084 KB in 157518 files.
89872 KB in 30397 indexes.
0 KB in bad sectors.
492611 KB in use by the system.
65536 KB occupied by the log file.
409366568 KB available on disk.
4096 bytes in each allocation unit.
118230533 total allocation units on disk.
102341642 allocation units available on disk.
Internal Info:
00 b5 05 00 1c de 02 00 89 3d 05 00 00 00 00 00 .........=......
b5 08 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 ....:...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-04-29T19:02:16.000000000Z" />
<EventRecordID>46739</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Conor-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
</EventData>
</Event>
-
Hi,
As the title says, my laptop has gone from consistent to very slow in the space of a day. I have run MBAM and it detected no viruses. All firewalls (Comodo) and antivirus (Avast) are constantly updated.
Please help me, would really appreciate it!
Hope the logs attached help too.
Thank you in advance

-
Brilliant! Thank you so much for your time

Have installed WinPatrol as well

Thanks again!
-
Wow, that took a while!
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Conor\AppData\Local\Temp\is-RMSK9.tmp\OCSetupHlp.dll Win32/OpenCandy application
C:\Users\Conor\Downloads\InstallTheWebBlockerzip\TheWebBlocker.exe a variant of Win32/Somoto.A application
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application
C:\Windows\AutoKMS\AutoKMS.exe a variant of Win32/HackKMS.B application
-
Looking much better to me
Do you feel it is all clean now?
MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.03.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Conor :: CONOR-PC [administrator]
03/05/2013 15:00:33
mbam-log-2013-05-03 (15-00-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223235
Time elapsed: 9 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:14:46, on 03/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Users\Conor\Desktop\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Control Center] C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe -mini
O4 - HKLM\..\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 208.67.222.123,208.67.220.123
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GeekBuddyRSP Service (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11916 bytes
-
Seems to be OK

I've attached fresh logs for you below anyway just in case you find anything else

-
I tried that but still not helping
Keeps 'Not responding' then I have to end the process... Anything else we can try? Thanks for your help so far!
-
Computer performance much better
however it's mainly my browser now that's slow
Even tried using the Firefox Repair tool but didn't fix it
it's just generally slow!

ComboFix 13-05-01.03 - Conor 01/05/2013 19:00:55.10.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2185 [GMT 1:00]
Running from: C:\Users\Conor\Desktop\ComboFix.exe
Command switches used :: C:\Users\Conor\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
---- Previous Run -------
C:\ProgramData\PCDr\6032\AddOnDownloaded\32ac3173-77bd-4ec6-9638-94e174508c22.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\7dd123b0-30e9-4f67-b7e2-20e7374cbb87.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\88bde4bf-b24d-4cb6-92ef-eb02d3276f09.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\96c23f75-9f21-4ef8-a3c8-1a554b815309.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\9cdc7b97-c1d2-495c-8b7f-12fd3c7e14b8.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\be661974-a339-4e9a-bea4-bda0af68ba7f.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\ca35a61e-780d-401f-891e-22b67162d061.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\d04640e7-f772-4909-8f8e-f8294ff0752f.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\d2597799-52b1-4a68-9280-897ad5c0c18e.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\fb803e34-29ed-4941-a7b3-4074ca51286c.dll
C:\Users\Conor\AppData\Roaming\BabMaint.exe
((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
2013-05-01 18:20:17 . 2013-05-01 18:20:17 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-05-01 18:20:17 . 2013-05-01 18:20:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-04-30 17:48:57 . 2013-04-10 03:46:09 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA0DC9EA-3976-41B7-A2B7-62B522770951}\mpengine.dll
2013-04-29 18:56:28 . 2013-04-29 18:56:28 -------- d-----w- C:\found.002
2013-04-28 21:29:30 . 2013-04-28 21:29:41 -------- d-----w- C:\windows\snack
2013-04-28 21:17:10 . 2013-04-28 21:17:53 102 ----a-w- C:\windows\DeleteOnReboot.bat
2013-04-24 16:34:16 . 2013-04-12 14:45:08 1656680 ----a-w- C:\windows\system32\drivers\ntfs.sys
2013-04-21 16:36:13 . 2013-04-21 16:35:24 311200 ----a-w- C:\windows\system32\javaws.exe
2013-04-21 16:35:47 . 2013-04-21 16:35:28 108448 ----a-w- C:\windows\system32\WindowsAccessBridge-64.dll
2013-04-21 16:35:47 . 2013-04-21 16:35:24 188832 ----a-w- C:\windows\system32\javaw.exe
2013-04-21 16:35:47 . 2013-04-21 16:35:23 188320 ----a-w- C:\windows\system32\java.exe
2013-04-21 13:39:16 . 2013-04-21 13:39:16 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-04-20 10:32:23 . 2012-08-21 12:01:20 33240 ----a-w- C:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-20 10:31:22 . 2013-04-20 10:31:22 -------- d-----w- C:\Program Files\iPod
2013-04-20 10:31:20 . 2013-04-20 10:32:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-20 10:31:20 . 2013-04-20 10:32:19 -------- d-----w- C:\Program Files\iTunes
2013-04-20 10:23:15 . 2013-03-06 22:33:21 178624 ----a-w- C:\windows\system32\drivers\aswVmm.sys
2013-04-20 10:23:14 . 2013-03-06 22:33:21 65336 ----a-w- C:\windows\system32\drivers\aswRvrt.sys
2013-04-20 10:17:30 . 2013-04-20 10:17:30 -------- d-----w- C:\Program Files\VideoLAN
2013-04-20 10:12:19 . 2013-04-20 10:12:19 -------- d-----w- C:\ProgramData\Licenses
2013-04-19 17:02:56 . 2013-04-19 17:02:56 56072 ----a-w- C:\windows\system32\certsentry.dll
2013-04-19 17:02:56 . 2013-04-19 17:02:56 47368 ----a-w- C:\windows\SysWow64\certsentry.dll
2013-04-18 20:34:57 . 2013-04-18 20:34:57 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-04-10 15:22:38 . 2013-03-01 03:36:04 3153408 ----a-w- C:\windows\system32\win32k.sys
2013-04-10 15:22:31 . 2013-01-24 06:01:01 223752 ----a-w- C:\windows\system32\drivers\fvevol.sys
2013-04-10 15:22:20 . 2013-03-19 06:04:06 5550424 ----a-w- C:\windows\system32\ntoskrnl.exe
2013-04-10 15:22:17 . 2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-04-10 15:22:15 . 2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 15:22:14 . 2013-03-19 03:06:33 112640 ----a-w- C:\windows\system32\smss.exe
2013-04-10 15:22:13 . 2013-03-19 05:46:56 43520 ----a-w- C:\windows\system32\csrsrv.dll
2013-04-10 15:22:11 . 2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-04-07 18:14:18 . 2013-04-07 18:14:18 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-04-07 18:14:18 . 2013-04-07 18:14:18 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-04-07 18:14:18 . 2013-04-07 18:14:18 1448448 ----a-w- C:\windows\system32\lsasrv.dll
2013-04-07 18:14:17 . 2013-04-07 18:14:17 458712 ----a-w- C:\windows\system32\drivers\cng.sys
2013-04-07 18:14:17 . 2013-04-07 18:14:17 340992 ----a-w- C:\windows\system32\schannel.dll
2013-04-07 18:14:17 . 2013-04-07 18:14:17 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-04-07 18:14:17 . 2013-04-07 18:14:17 154480 ----a-w- C:\windows\system32\drivers\ksecpkg.sys
2013-04-07 18:12:49 . 2013-04-07 18:12:49 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2013-04-07 18:12:49 . 2013-04-07 18:12:49 366592 ----a-w- C:\windows\system32\qdvd.dll
2013-04-07 17:56:18 . 2013-04-07 17:56:18 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-07 17:55:59 . 2013-04-07 18:01:21 -------- d-----w- C:\ProgramData\IObit
2013-04-07 17:55:54 . 2013-04-07 17:55:54 -------- d-----w- C:\Users\Conor\AppData\Roaming\IObit
2013-04-07 17:55:14 . 2013-04-07 17:55:14 -------- d-----w- C:\Program Files (x86)\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-05-01 17:21:52 . 2012-10-16 20:31:33 151552 ----a-w- C:\windows\KMSEmulator.exe
2013-04-21 16:35:22 . 2012-08-19 20:45:21 1092512 ----a-w- C:\windows\system32\npDeployJava1.dll
2013-04-21 16:35:22 . 2011-11-27 21:40:28 971680 ----a-w- C:\windows\system32\deployJava1.dll
2013-04-20 12:01:13 . 2012-08-19 21:03:11 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 12:01:13 . 2012-08-19 21:03:11 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 17:24:23 . 2012-08-01 22:05:00 72702784 ----a-w- C:\windows\system32\MRT.exe
2013-04-05 21:56:20 . 2012-11-22 21:32:29 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2013-04-05 21:56:20 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2013-04-04 19:01:42 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2013-04-04 13:50:32 . 2012-05-03 13:03:09 25928 ----a-w- C:\windows\system32\drivers\mbam.sys
2013-04-02 12:16:10 . 2012-07-05 11:05:08 236248 ----a-w- C:\windows\system32\drivers\RapportKE64.sys
2013-03-12 00:10:56 . 2010-11-21 03:27:21 282744 ------w- C:\windows\system32\MpSigStub.exe
2013-03-06 22:33:21 . 2012-05-03 13:07:34 377920 ----a-w- C:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33:21 . 2012-05-03 13:07:32 70992 ----a-w- C:\windows\system32\drivers\aswRdr2.sys
2013-03-06 22:33:21 . 2012-05-03 13:07:32 68920 ----a-w- C:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33:21 . 2012-05-03 13:07:32 1025808 ----a-w- C:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33:20 . 2012-05-03 13:07:34 33400 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:33:20 . 2012-05-03 13:07:31 80816 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 . 2012-05-03 13:06:30 41664 ----a-w- C:\windows\avastSS.scr
2013-03-06 22:32:22 . 2012-05-03 13:07:31 287840 ----a-w- C:\windows\system32\aswBoot.exe
2013-02-12 05:45:24 . 2013-03-13 18:52:18 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-03-13 18:52:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-03-13 18:52:18 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45:22 . 2013-03-13 18:52:17 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48:31 . 2013-03-13 18:52:20 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-03-13 18:52:21 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 . 2013-03-15 13:37:29 19968 ----a-w- C:\windows\system32\drivers\usb8023.sys
-
Hey
still pretty slow I have to say
MBAR
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.30.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Conor :: CONOR-PC [administrator]
30/04/2013 20:04:09
mbar-log-2013-04-30 (20-04-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32077
Time elapsed: 19 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
-
Hey

Log is below, PC still running very slow though

ComboFix 13-04-28.01 - Conor 29/04/2013 19:28:03.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2157 [GMT 1:00]
Running from: C:\Users\Conor\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\PCDr\6032\AddOnDownloaded\32ac3173-77bd-4ec6-9638-94e174508c22.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\7dd123b0-30e9-4f67-b7e2-20e7374cbb87.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\88bde4bf-b24d-4cb6-92ef-eb02d3276f09.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\96c23f75-9f21-4ef8-a3c8-1a554b815309.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\9cdc7b97-c1d2-495c-8b7f-12fd3c7e14b8.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\be661974-a339-4e9a-bea4-bda0af68ba7f.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\ca35a61e-780d-401f-891e-22b67162d061.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\d04640e7-f772-4909-8f8e-f8294ff0752f.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\d2597799-52b1-4a68-9280-897ad5c0c18e.dll
C:\ProgramData\PCDr\6032\AddOnDownloaded\fb803e34-29ed-4941-a7b3-4074ca51286c.dll
C:\Users\Conor\AppData\Roaming\BabMaint.exe
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-29 )))))))))))))))))))))))))))))))
2013-04-29 18:56:28 . 2013-04-29 18:56:28 -------- d-----w- C:\found.002
2013-04-29 18:49:09 . 2013-04-29 18:49:09 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-04-29 18:49:09 . 2013-04-29 18:49:09 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-04-28 21:29:30 . 2013-04-28 21:29:41 -------- d-----w- C:\windows\snack
2013-04-28 21:17:10 . 2013-04-28 21:17:53 102 ----a-w- C:\windows\DeleteOnReboot.bat
2013-04-26 12:42:14 . 2013-04-10 03:46:09 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4180B4D2-A6B9-4FB2-AFD5-ED99EE363C37}\mpengine.dll
2013-04-24 16:34:16 . 2013-04-12 14:45:08 1656680 ----a-w- C:\windows\system32\drivers\ntfs.sys
2013-04-21 16:36:13 . 2013-04-21 16:35:24 311200 ----a-w- C:\windows\system32\javaws.exe
2013-04-21 16:35:47 . 2013-04-21 16:35:28 108448 ----a-w- C:\windows\system32\WindowsAccessBridge-64.dll
2013-04-21 16:35:47 . 2013-04-21 16:35:24 188832 ----a-w- C:\windows\system32\javaw.exe
2013-04-21 16:35:47 . 2013-04-21 16:35:23 188320 ----a-w- C:\windows\system32\java.exe
2013-04-21 13:39:16 . 2013-04-21 13:39:16 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-04-20 10:32:23 . 2012-08-21 12:01:20 33240 ----a-w- C:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-20 10:31:22 . 2013-04-20 10:31:22 -------- d-----w- C:\Program Files\iPod
2013-04-20 10:31:20 . 2013-04-20 10:32:21 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-20 10:31:20 . 2013-04-20 10:32:19 -------- d-----w- C:\Program Files\iTunes
2013-04-20 10:23:15 . 2013-03-06 22:33:21 178624 ----a-w- C:\windows\system32\drivers\aswVmm.sys
2013-04-20 10:23:14 . 2013-03-06 22:33:21 65336 ----a-w- C:\windows\system32\drivers\aswRvrt.sys
2013-04-20 10:17:30 . 2013-04-20 10:17:30 -------- d-----w- C:\Program Files\VideoLAN
2013-04-20 10:12:19 . 2013-04-20 10:12:19 -------- d-----w- C:\ProgramData\Licenses
2013-04-19 17:02:56 . 2013-04-19 17:02:56 56072 ----a-w- C:\windows\system32\certsentry.dll
2013-04-19 17:02:56 . 2013-04-19 17:02:56 47368 ----a-w- C:\windows\SysWow64\certsentry.dll
2013-04-18 20:34:57 . 2013-04-18 20:34:57 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-04-10 15:22:38 . 2013-03-01 03:36:04 3153408 ----a-w- C:\windows\system32\win32k.sys
2013-04-10 15:22:31 . 2013-01-24 06:01:01 223752 ----a-w- C:\windows\system32\drivers\fvevol.sys
2013-04-10 15:22:20 . 2013-03-19 06:04:06 5550424 ----a-w- C:\windows\system32\ntoskrnl.exe
2013-04-10 15:22:17 . 2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-04-10 15:22:15 . 2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 15:22:14 . 2013-03-19 03:06:33 112640 ----a-w- C:\windows\system32\smss.exe
2013-04-10 15:22:13 . 2013-03-19 05:46:56 43520 ----a-w- C:\windows\system32\csrsrv.dll
2013-04-10 15:22:11 . 2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-04-07 18:14:18 . 2013-04-07 18:14:18 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-04-07 18:14:18 . 2013-04-07 18:14:18 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-04-07 18:14:18 . 2013-04-07 18:14:18 1448448 ----a-w- C:\windows\system32\lsasrv.dll
2013-04-07 18:14:17 . 2013-04-07 18:14:17 458712 ----a-w- C:\windows\system32\drivers\cng.sys
2013-04-07 18:14:17 . 2013-04-07 18:14:17 340992 ----a-w- C:\windows\system32\schannel.dll
2013-04-07 18:14:17 . 2013-04-07 18:14:17 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-04-07 18:14:17 . 2013-04-07 18:14:17 154480 ----a-w- C:\windows\system32\drivers\ksecpkg.sys
2013-04-07 18:12:49 . 2013-04-07 18:12:49 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2013-04-07 18:12:49 . 2013-04-07 18:12:49 366592 ----a-w- C:\windows\system32\qdvd.dll
2013-04-07 17:56:18 . 2013-04-07 17:56:18 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-04-07 17:55:59 . 2013-04-07 18:01:21 -------- d-----w- C:\ProgramData\IObit
2013-04-07 17:55:54 . 2013-04-07 17:55:54 -------- d-----w- C:\Users\Conor\AppData\Roaming\IObit
2013-04-07 17:55:14 . 2013-04-07 17:55:14 -------- d-----w- C:\Program Files (x86)\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-04-29 19:02:48 . 2012-10-16 20:31:33 151552 ----a-w- C:\windows\KMSEmulator.exe
2013-04-21 16:35:22 . 2012-08-19 20:45:21 1092512 ----a-w- C:\windows\system32\npDeployJava1.dll
2013-04-21 16:35:22 . 2011-11-27 21:40:28 971680 ----a-w- C:\windows\system32\deployJava1.dll
2013-04-20 12:01:13 . 2012-08-19 21:03:11 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-20 12:01:13 . 2012-08-19 21:03:11 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 17:24:23 . 2012-08-01 22:05:00 72702784 ----a-w- C:\windows\system32\MRT.exe
2013-04-05 21:56:20 . 2012-11-22 21:32:29 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2013-04-05 21:56:20 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2013-04-04 19:01:42 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2013-04-04 13:50:32 . 2012-05-03 13:03:09 25928 ----a-w- C:\windows\system32\drivers\mbam.sys
2013-04-02 12:16:10 . 2012-07-05 11:05:08 236248 ----a-w- C:\windows\system32\drivers\RapportKE64.sys
2013-03-12 00:10:56 . 2010-11-21 03:27:21 282744 ------w- C:\windows\system32\MpSigStub.exe
2013-03-06 22:33:21 . 2012-05-03 13:07:34 377920 ----a-w- C:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33:21 . 2012-05-03 13:07:32 70992 ----a-w- C:\windows\system32\drivers\aswRdr2.sys
2013-03-06 22:33:21 . 2012-05-03 13:07:32 68920 ----a-w- C:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33:21 . 2012-05-03 13:07:32 1025808 ----a-w- C:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33:20 . 2012-05-03 13:07:34 33400 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:33:20 . 2012-05-03 13:07:31 80816 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 . 2012-05-03 13:06:30 41664 ----a-w- C:\windows\avastSS.scr
2013-03-06 22:32:22 . 2012-05-03 13:07:31 287840 ----a-w- C:\windows\system32\aswBoot.exe
2013-02-12 05:45:24 . 2013-03-13 18:52:18 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-03-13 18:52:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-03-13 18:52:18 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45:22 . 2013-03-13 18:52:17 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48:31 . 2013-03-13 18:52:20 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-03-13 18:52:21 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 . 2013-03-15 13:37:29 19968 ----a-w- C:\windows\system32\drivers\usb8023.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 08:22:04 307712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 01:00:44 90448]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2013-03-06 22:32:44 4767304]
"Control Center"="C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe" [2007-11-02 10:04:10 2477568]
"gbrspcontrol"="C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 12:27:24 1851088]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 12:08:14 59720]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 11:35:28 152392]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
Start GeekBuddy.lnk - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\Windows\SysWOW64\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R1 CFRMD;CFRMD;C:\windows\system32\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 11:34:18 219632]
R3 aswVmm;aswVmm; [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-16 16:19:44 1431888]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072]
R3 KUSBusByTCP;KUSBusByTCP;C:\windows\system32\Drivers\KUSBusByTCP.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 21:26:48 25584]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\system32\drivers\rdpvideominiport.sys [2013-04-07 18:15:48 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 11:33:18 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 00:11:42 250984]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2013-04-07 18:15:47 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [2013-04-07 18:15:47 30208]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 11:01:50 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 17:18:31 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184]
S0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 22:08:24 79488]
S0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 22:08:26 40064]
S0 aswRvrt;aswRvrt; [x]
S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 09:00:00 55856]
S0 RapportKE64;RapportKE64;C:\windows\System32\Drivers\RapportKE64.sys [2013-04-02 12:16:10 236248]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 23:37:59 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 23:38:00 38144]
S1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-03-29 04:41:42 586072]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-04-02 12:16:10 228600]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-04-02 12:16:10 357272]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 10:42:58 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2011-08-06 07:44:20 204288]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 07:14:06 365568]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 22:33:20 80816]
S2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-04-17 10:57:08 70344]
S2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-04-19 09:27:24 2074760]
S2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-04-17 12:27:24 1851088]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 15:32:36 687400]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-04-02 12:15:56 1124184]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 15:05:46 1692480]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 13:22:40 92632]
S2 Web Blocker Service URL;Web Blocker Service URL;C:\Program Files\Webstart Studios\Web Blocker\TWBService URL.exe [2010-09-13 00:55:20 24064]
S2 Web Blocker Service;Web Blocker Service;C:\Program Files\Webstart Studios\Web Blocker\TWBService.exe [2010-09-13 00:50:22 32768]
S3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 15:18:24 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys [2011-03-30 22:46:46 114704]
S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 22:39:50 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 22:39:52 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 17:20:46 176096]
S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\KUSBusByTCPMasterBus.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [2013-03-03 17:28:21 175352]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 06:55:28 533096]
S3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 12:50:38 44672]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RAPPORTIASO
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 13:06:32 1642448 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2013-04-29 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 21:03:12 . 2013-04-20 12:01:13]
2013-04-29 C:\windows\Tasks\AutoKMS.job
- C:\Windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41:58 . 2012-09-15 10:41:58]
2013-04-29 C:\windows\Tasks\AutoKMSDaily.job
- C:\Windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41:58 . 2012-09-15 10:41:58]
2013-04-29 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 22:48:35 . 2012-11-20 22:47:55]
2013-04-29 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 22:48:35 . 2012-11-20 22:47:55]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32:20 133840 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2011-03-29 20:50:34 608112]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2011-05-27 19:06:16 1128448]
"Stage Remote"="C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 01:26:30 2022976]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 23:37:13 9577680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\Windows\System32\guard64.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com
uLocal Page = C:\windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\f85bc5c8.default-1367010647689\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - ExtSQL: 2013-04-20 11:23; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2012-09-24 21:07; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
- - - - ORPHANS REMOVED - - - -
AddRemove-PunkBusterSvc - C:\windows\system32\pbsvc.exe
AddRemove-WT089446 - C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
-
Thank you for the help
Logs are below:
Security Check
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.7.700.169
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
windows defender MpCmdRun.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
AdwCleaner
# AdwCleaner v2.300 - Logfile created 04/28/2013 at 22:16:00
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Conor - CONOR-PC
# Boot Mode : Normal
# Running from : C:\Users\Conor\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
Stopped & Deleted : WajamUpdater
***** [Files / Folders] *****
Deleted on reboot : C:\Users\Conor\AppData\Roaming\Zynga
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Deleted : C:\Users\Conor\AppData\Local\TempDir
Folder Deleted : C:\Users\Conor\AppData\Local\Wajam
Folder Deleted : C:\Users\Conor\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Conor\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Conor\AppData\Roaming\Delta
Folder Deleted : C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16476
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=7C4E9439E5EA3A11 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
[OK] File is clean.
File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\f85bc5c8.default-1367010647689\prefs.js
[OK] File is clean.
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.2122] : homepage = "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=7C4E9439E5EA3A11",
Deleted [l.2281] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntr[...]
*************************
AdwCleaner[R1].txt - [2404 octets] - [11/01/2013 16:09:53]
AdwCleaner[s1].txt - [5083 octets] - [13/10/2012 14:19:54]
AdwCleaner[s2].txt - [2504 octets] - [13/01/2013 23:03:14]
AdwCleaner[s3].txt - [10649 octets] - [28/04/2013 22:16:00]
########## EOF - C:\AdwCleaner[s3].txt - [10710 octets] ##########
Rogue Killer
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Conor [Admin rights]
Mode : Remove -- Date : 04/28/2013 22:32:55
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] e1cf3956ef2f984ff195364e4f6062fc
[bSP] ee1fa6662c2a2d395c2bf5b13616a5b9 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04282013_02d2232.txt >>
RKreport[1]_S_04282013_02d2230.txt ; RKreport[2]_D_04282013_02d2232.txt
-
Hi all
I am infected... again

Basically I browse on my laptop daily and it works like a charm (thank you for your help from last time!) and yesterday I've noticed it's extremely slow, so I've come to the conclusion that it is now infected

Malwarebytes scan detected nothing.
Please help me! All logs attached (including the Malwarebytes log)
Thanks in advance

-
That was all the log said... no errors though

Ads have gone so it seems
PC running slow slightly though :/ is it 100% clear?
-
ESET Scanner
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
TDS Killer:
20:20:20.0917 7036 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:20:22.0942 7036 ============================================================
20:20:22.0942 7036 Current date / time: 2013/01/16 20:20:22.0942
20:20:22.0942 7036 SystemInfo:
20:20:22.0942 7036
20:20:22.0942 7036 OS Version: 6.1.7601 ServicePack: 1.0
20:20:22.0942 7036 Product type: Workstation
20:20:22.0942 7036 ComputerName: CONOR-PC
20:20:22.0942 7036 UserName: Conor
20:20:22.0942 7036 Windows directory: C:\windows
20:20:22.0942 7036 System windows directory: C:\windows
20:20:22.0942 7036 Running under WOW64
20:20:22.0942 7036 Processor architecture: Intel x64
20:20:22.0942 7036 Number of processors: 2
20:20:22.0942 7036 Page size: 0x1000
20:20:22.0942 7036 Boot type: Normal boot
20:20:22.0942 7036 ============================================================
20:20:24.0924 7036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:20:24.0971 7036 ============================================================
20:20:24.0971 7036 \Device\Harddisk0\DR0:
20:20:24.0986 7036 MBR partitions:
20:20:24.0986 7036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
20:20:24.0986 7036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
20:20:24.0986 7036 ============================================================
20:20:25.0080 7036 C: <-> \Device\Harddisk0\DR0\Partition2
20:20:25.0080 7036 ============================================================
20:20:25.0080 7036 Initialize success
20:20:25.0080 7036 ============================================================
20:20:41.0742 4064 ============================================================
20:20:41.0742 4064 Scan started
20:20:41.0742 4064 Mode: Manual;
20:20:41.0742 4064 ============================================================
20:20:44.0503 4064 ================ Scan system memory ========================
20:20:44.0503 4064 System memory - ok
20:20:44.0503 4064 ================ Scan services =============================
20:20:54.0753 4064 Compbatt - ok
20:20:54.0815 4064 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
20:20:54.0815 4064 CompositeBus - ok
20:20:54.0878 4064 COMSysApp - ok
20:20:54.0925 4064 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
20:20:54.0940 4064 crcdisk - ok
20:20:55.0049 4064 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
20:20:55.0065 4064 CryptSvc - ok
20:20:55.0159 4064 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
20:20:55.0174 4064 CtClsFlt - ok
20:20:55.0237 4064 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
20:20:55.0283 4064 DcomLaunch - ok
20:20:55.0361 4064 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:20:55.0377 4064 defragsvc - ok
20:20:55.0408 4064 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:20:55.0408 4064 DfsC - ok
20:20:55.0455 4064 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
20:20:55.0502 4064 Dhcp - ok
20:20:55.0549 4064 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:20:55.0549 4064 discache - ok
20:20:55.0627 4064 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
20:20:55.0642 4064 Disk - ok
20:20:55.0673 4064 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:20:55.0689 4064 Dnscache - ok
20:20:55.0798 4064 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
20:20:55.0829 4064 dot3svc - ok
20:20:55.0954 4064 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
20:20:55.0954 4064 Dot4 - ok
20:20:56.0032 4064 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
20:20:56.0048 4064 Dot4Print - ok
20:20:56.0110 4064 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
20:20:56.0126 4064 dot4usb - ok
20:20:56.0219 4064 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
20:20:56.0235 4064 DPS - ok
20:20:56.0485 4064 [ C2A43D645FCC1DD154DF6CE029ED5C48 ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
20:20:56.0531 4064 DragonUpdater - ok
20:20:56.0609 4064 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:20:56.0609 4064 drmkaud - ok
20:20:56.0719 4064 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:20:56.0765 4064 DXGKrnl - ok
20:20:56.0843 4064 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:20:56.0859 4064 EapHost - ok
20:20:57.0031 4064 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
20:20:57.0171 4064 ebdrv - ok
20:20:57.0249 4064 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
20:20:57.0265 4064 EFS - ok
20:20:57.0358 4064 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:20:57.0405 4064 ehRecvr - ok
20:20:57.0436 4064 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
20:20:57.0452 4064 ehSched - ok
20:20:57.0530 4064 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
20:20:57.0577 4064 elxstor - ok
20:20:57.0592 4064 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
20:20:57.0592 4064 ErrDev - ok
20:20:57.0686 4064 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
20:20:57.0717 4064 EventSystem - ok
20:20:57.0826 4064 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
20:20:57.0873 4064 exfat - ok
20:20:57.0920 4064 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
20:20:57.0951 4064 fastfat - ok
20:20:58.0045 4064 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
20:20:58.0076 4064 Fax - ok
20:20:58.0107 4064 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
20:20:58.0123 4064 fdc - ok
20:20:58.0169 4064 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
20:20:58.0169 4064 fdPHost - ok
20:20:58.0232 4064 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:20:58.0247 4064 FDResPub - ok
20:20:58.0294 4064 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:20:58.0294 4064 FileInfo - ok
20:20:58.0325 4064 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:20:58.0325 4064 Filetrace - ok
20:20:58.0513 4064 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
20:20:58.0559 4064 FLEXnet Licensing Service 64 - ok
20:20:58.0637 4064 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
20:20:58.0637 4064 flpydisk - ok
20:20:58.0684 4064 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:20:58.0700 4064 FltMgr - ok
20:20:58.0778 4064 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
20:20:58.0825 4064 FontCache - ok
20:20:58.0918 4064 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:20:58.0934 4064 FontCache3.0.0.0 - ok
20:20:58.0965 4064 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:20:58.0965 4064 FsDepends - ok
20:20:59.0043 4064 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:20:59.0059 4064 Fs_Rec - ok
20:20:59.0121 4064 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:20:59.0137 4064 fvevol - ok
20:20:59.0168 4064 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
20:20:59.0183 4064 gagp30kx - ok
20:20:59.0324 4064 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:20:59.0371 4064 GamesAppService - ok
20:20:59.0433 4064 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:20:59.0433 4064 GEARAspiWDM - ok
20:20:59.0589 4064 [ 24B6902AE2735C7C8ED6670E5E323EC9 ] GeekBuddyRSP C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
20:20:59.0620 4064 GeekBuddyRSP - ok
20:20:59.0714 4064 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
20:20:59.0745 4064 gpsvc - ok
20:20:59.0885 4064 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:20:59.0885 4064 gupdate - ok
20:20:59.0901 4064 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:20:59.0901 4064 gupdatem - ok
20:20:59.0979 4064 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:20:59.0995 4064 hcw85cir - ok
20:21:00.0057 4064 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:21:00.0073 4064 HdAudAddService - ok
20:21:00.0119 4064 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
20:21:00.0135 4064 HDAudBus - ok
20:21:00.0166 4064 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
20:21:00.0182 4064 HidBatt - ok
20:21:00.0229 4064 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
20:21:00.0244 4064 HidBth - ok
20:21:00.0260 4064 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
20:21:00.0275 4064 HidIr - ok
20:21:00.0322 4064 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
20:21:00.0338 4064 hidserv - ok
20:21:00.0416 4064 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
20:21:00.0431 4064 HidUsb - ok
20:21:00.0478 4064 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
20:21:00.0509 4064 hkmsvc - ok
20:21:00.0541 4064 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:21:00.0572 4064 HomeGroupListener - ok
20:21:00.0619 4064 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:21:00.0650 4064 HomeGroupProvider - ok
20:21:00.0821 4064 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:21:00.0821 4064 hpqcxs08 - ok
20:21:00.0899 4064 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:21:00.0899 4064 hpqddsvc - ok
20:21:00.0931 4064 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
20:21:00.0946 4064 HpSAMD - ok
20:21:01.0009 4064 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:21:01.0040 4064 HTTP - ok
20:21:01.0071 4064 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:21:01.0071 4064 hwpolicy - ok
20:21:01.0133 4064 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
20:21:01.0180 4064 i8042prt - ok
20:21:01.0243 4064 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
20:21:01.0258 4064 iaStorV - ok
20:21:01.0352 4064 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:21:01.0367 4064 IDriverT - ok
20:21:01.0430 4064 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:21:01.0477 4064 idsvc - ok
20:21:01.0523 4064 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
20:21:01.0523 4064 iirsp - ok
20:21:01.0586 4064 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
20:21:01.0633 4064 IKEEXT - ok
20:21:01.0679 4064 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\windows\system32\DRIVERS\inspect.sys
20:21:01.0695 4064 inspect - ok
20:21:01.0711 4064 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
20:21:01.0726 4064 intelide - ok
20:21:01.0757 4064 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
20:21:01.0773 4064 intelppm - ok
20:21:01.0835 4064 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:21:01.0835 4064 IPBusEnum - ok
20:21:01.0867 4064 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:21:01.0867 4064 IpFilterDriver - ok
20:21:01.0945 4064 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:21:01.0976 4064 iphlpsvc - ok
20:21:02.0038 4064 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
20:21:02.0038 4064 IPMIDRV - ok
20:21:02.0054 4064 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:21:02.0069 4064 IPNAT - ok
20:21:02.0179 4064 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:21:02.0225 4064 iPod Service - ok
20:21:02.0257 4064 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:21:02.0257 4064 IRENUM - ok
20:21:02.0319 4064 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
20:21:02.0350 4064 isapnp - ok
20:21:02.0381 4064 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
20:21:02.0397 4064 iScsiPrt - ok
20:21:02.0444 4064 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
20:21:02.0444 4064 kbdclass - ok
20:21:02.0506 4064 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
20:21:02.0506 4064 kbdhid - ok
20:21:02.0537 4064 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
20:21:02.0537 4064 KeyIso - ok
20:21:02.0584 4064 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:21:02.0600 4064 KSecDD - ok
20:21:02.0647 4064 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:21:02.0647 4064 KSecPkg - ok
20:21:02.0693 4064 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:21:02.0693 4064 ksthunk - ok
20:21:02.0756 4064 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
20:21:02.0787 4064 KtmRm - ok
20:21:02.0849 4064 KUSBusByTCP - ok
20:21:02.0990 4064 [ 384E82435A09A89C4E87A6B20AA9EE69 ] KUSBusByTCPMasterBus C:\windows\syswow64\Drivers\KUSBusByTCPMasterBus.sys
20:21:02.0990 4064 KUSBusByTCPMasterBus - ok
20:21:03.0068 4064 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
20:21:03.0099 4064 LanmanServer - ok
20:21:03.0146 4064 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:21:03.0177 4064 LanmanWorkstation - ok
20:21:03.0208 4064 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:21:03.0224 4064 lltdio - ok
20:21:03.0271 4064 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
20:21:03.0302 4064 lltdsvc - ok
20:21:03.0333 4064 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:21:03.0349 4064 lmhosts - ok
20:21:03.0411 4064 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
20:21:03.0411 4064 LSI_FC - ok
20:21:03.0458 4064 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
20:21:03.0473 4064 LSI_SAS - ok
20:21:03.0489 4064 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
20:21:03.0489 4064 LSI_SAS2 - ok
20:21:03.0520 4064 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
20:21:03.0536 4064 LSI_SCSI - ok
20:21:03.0583 4064 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
20:21:03.0583 4064 luafv - ok
20:21:03.0645 4064 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys
20:21:03.0661 4064 mcdbus - ok
20:21:03.0692 4064 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
20:21:03.0723 4064 Mcx2Svc - ok
20:21:03.0770 4064 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
20:21:03.0785 4064 megasas - ok
20:21:03.0817 4064 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
20:21:03.0832 4064 MegaSR - ok
20:21:03.0910 4064 Microsoft SharePoint Workspace Audit Service - ok
20:21:03.0941 4064 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:21:03.0957 4064 MMCSS - ok
20:21:03.0973 4064 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:21:03.0988 4064 Modem - ok
20:21:04.0035 4064 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:21:04.0035 4064 monitor - ok
20:21:04.0082 4064 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
20:21:04.0113 4064 mouclass - ok
20:21:04.0160 4064 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:21:04.0160 4064 mouhid - ok
20:21:04.0191 4064 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:21:04.0207 4064 mountmgr - ok
20:21:04.0285 4064 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:21:04.0285 4064 MozillaMaintenance - ok
20:21:04.0331 4064 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
20:21:04.0347 4064 mpio - ok
20:21:04.0378 4064 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:21:04.0378 4064 mpsdrv - ok
20:21:04.0441 4064 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
20:21:04.0487 4064 MpsSvc - ok
20:21:04.0534 4064 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:21:04.0534 4064 MRxDAV - ok
20:21:04.0597 4064 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:21:04.0628 4064 mrxsmb - ok
20:21:04.0675 4064 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:21:04.0675 4064 mrxsmb10 - ok
20:21:04.0706 4064 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:21:04.0721 4064 mrxsmb20 - ok
20:21:04.0753 4064 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
20:21:04.0768 4064 msahci - ok
20:21:04.0784 4064 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
20:21:04.0799 4064 msdsm - ok
20:21:04.0831 4064 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:21:04.0862 4064 MSDTC - ok
20:21:04.0971 4064 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:21:04.0971 4064 Msfs - ok
20:21:05.0002 4064 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:21:05.0002 4064 mshidkmdf - ok
20:21:05.0049 4064 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
20:21:05.0065 4064 msisadrv - ok
20:21:05.0111 4064 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:21:05.0127 4064 MSiSCSI - ok
20:21:05.0143 4064 msiserver - ok
20:21:05.0189 4064 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:21:05.0189 4064 MSKSSRV - ok
20:21:05.0221 4064 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:21:05.0236 4064 MSPCLOCK - ok
20:21:05.0252 4064 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:21:05.0252 4064 MSPQM - ok
20:21:05.0299 4064 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:21:05.0314 4064 MsRPC - ok
20:21:05.0361 4064 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:21:05.0377 4064 mssmbios - ok
20:21:05.0408 4064 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:21:05.0408 4064 MSTEE - ok
20:21:05.0439 4064 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
20:21:05.0439 4064 MTConfig - ok
20:21:05.0501 4064 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:21:05.0501 4064 Mup - ok
20:21:05.0564 4064 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:21:05.0595 4064 napagent - ok
20:21:05.0673 4064 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:21:05.0673 4064 NativeWifiP - ok
20:21:05.0829 4064 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
20:21:05.0860 4064 NAUpdate - ok
20:21:05.0985 4064 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
20:21:06.0063 4064 NDIS - ok
20:21:06.0157 4064 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:21:06.0172 4064 NdisCap - ok
20:21:06.0266 4064 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:21:06.0297 4064 NdisTapi - ok
20:21:06.0359 4064 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:21:06.0375 4064 Ndisuio - ok
20:21:06.0547 4064 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:21:06.0578 4064 NdisWan - ok
20:21:06.0625 4064 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:21:06.0640 4064 NDProxy - ok
20:21:06.0718 4064 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:21:06.0734 4064 Net Driver HPZ12 - ok
20:21:06.0812 4064 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:21:06.0827 4064 NetBIOS - ok
20:21:06.0874 4064 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:21:06.0890 4064 NetBT - ok
20:21:06.0937 4064 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:21:06.0937 4064 Netlogon - ok
20:21:06.0999 4064 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:21:07.0030 4064 Netman - ok
20:21:07.0139 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:07.0171 4064 NetMsmqActivator - ok
20:21:07.0217 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:07.0217 4064 NetPipeActivator - ok
20:21:07.0264 4064 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:21:07.0295 4064 netprofm - ok
20:21:07.0311 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:07.0327 4064 NetTcpActivator - ok
20:21:07.0358 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:21:07.0373 4064 NetTcpPortSharing - ok
20:21:07.0436 4064 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
20:21:07.0451 4064 nfrd960 - ok
20:21:07.0529 4064 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
20:21:07.0592 4064 NlaSvc - ok
20:21:07.0639 4064 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:21:07.0639 4064 Npfs - ok
20:21:07.0701 4064 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:21:07.0717 4064 nsi - ok
20:21:07.0763 4064 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:21:07.0763 4064 nsiproxy - ok
20:21:07.0904 4064 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:21:07.0966 4064 Ntfs - ok
20:21:07.0997 4064 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:21:07.0997 4064 Null - ok
20:21:08.0029 4064 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
20:21:08.0029 4064 nvraid - ok
20:21:08.0060 4064 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
20:21:08.0075 4064 nvstor - ok
20:21:08.0091 4064 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:21:08.0107 4064 nv_agp - ok
20:21:08.0138 4064 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:21:08.0138 4064 ohci1394 - ok
20:21:08.0216 4064 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:21:08.0216 4064 ose - ok
20:21:08.0450 4064 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:21:08.0606 4064 osppsvc - ok
20:21:08.0684 4064 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:21:08.0699 4064 p2pimsvc - ok
20:21:08.0746 4064 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:21:08.0777 4064 p2psvc - ok
20:21:08.0809 4064 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
20:21:08.0824 4064 Parport - ok
20:21:08.0871 4064 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:21:08.0871 4064 partmgr - ok
20:21:08.0918 4064 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:21:08.0933 4064 PcaSvc - ok
20:21:09.0027 4064 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
20:21:09.0089 4064 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
20:21:09.0136 4064 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:21:09.0152 4064 pci - ok
20:21:09.0199 4064 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
20:21:09.0199 4064 pciide - ok
20:21:09.0230 4064 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
20:21:09.0230 4064 pcmcia - ok
20:21:09.0261 4064 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:21:09.0261 4064 pcw - ok
20:21:09.0308 4064 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:21:09.0339 4064 PEAUTH - ok
20:21:09.0448 4064 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:21:09.0464 4064 PerfHost - ok
20:21:09.0604 4064 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:21:09.0667 4064 pla - ok
20:21:09.0745 4064 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:21:09.0776 4064 PlugPlay - ok
20:21:09.0823 4064 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:21:09.0838 4064 Pml Driver HPZ12 - ok
20:21:09.0869 4064 PnkBstrA - ok
20:21:09.0916 4064 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:21:09.0932 4064 PNRPAutoReg - ok
20:21:09.0979 4064 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:21:09.0994 4064 PNRPsvc - ok
20:21:10.0041 4064 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:21:10.0072 4064 PolicyAgent - ok
20:21:10.0135 4064 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
20:21:10.0166 4064 Power - ok
20:21:10.0213 4064 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:21:10.0213 4064 PptpMiniport - ok
20:21:10.0259 4064 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
20:21:10.0259 4064 Processor - ok
20:21:10.0306 4064 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
20:21:10.0337 4064 ProfSvc - ok
20:21:10.0384 4064 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
20:21:10.0384 4064 ProtectedStorage - ok
20:21:10.0431 4064 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:21:10.0447 4064 Psched - ok
20:21:10.0509 4064 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
20:21:10.0509 4064 PxHlpa64 - ok
20:21:10.0603 4064 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
20:21:10.0649 4064 ql2300 - ok
20:21:10.0681 4064 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
20:21:10.0681 4064 ql40xx - ok
20:21:10.0743 4064 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
20:21:10.0774 4064 QWAVE - ok
20:21:10.0790 4064 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:21:10.0805 4064 QWAVEdrv - ok
20:21:10.0961 4064 [ F98487B25828441B1C6488C642C2AC10 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
20:21:10.0993 4064 RapportCerberus_43926 - ok
20:21:11.0039 4064 [ EAE1BB44F17EB3F439367AAC6B829D55 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
20:21:11.0055 4064 RapportEI64 - ok
20:21:11.0117 4064 [ 428ABD0B5D771284F393356C6729074F ] RapportKE64 C:\windows\system32\Drivers\RapportKE64.sys
20:21:11.0117 4064 RapportKE64 - ok
20:21:11.0227 4064 [ 35468625105F5B10FCF43E5D58659924 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
20:21:11.0273 4064 RapportMgmtService - ok
20:21:11.0336 4064 [ 4CCFCED21C81C0C1D2BE6CB3ABF8A217 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
20:21:11.0351 4064 RapportPG64 - ok
20:21:11.0383 4064 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:21:11.0383 4064 RasAcd - ok
20:21:11.0445 4064 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
20:21:11.0476 4064 RasAgileVpn - ok
20:21:11.0507 4064 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
20:21:11.0539 4064 RasAuto - ok
20:21:11.0570 4064 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
20:21:11.0585 4064 Rasl2tp - ok
20:21:11.0617 4064 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
20:21:11.0648 4064 RasMan - ok
20:21:11.0679 4064 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
20:21:11.0695 4064 RasPppoe - ok
20:21:11.0710 4064 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
20:21:11.0726 4064 RasSstp - ok
20:21:11.0773 4064 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
20:21:11.0788 4064 rdbss - ok
20:21:11.0835 4064 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
20:21:11.0835 4064 rdpbus - ok
20:21:11.0866 4064 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
20:21:11.0866 4064 RDPCDD - ok
20:21:11.0913 4064 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
20:21:11.0913 4064 RDPENCDD - ok
20:21:11.0960 4064 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
20:21:11.0975 4064 RDPREFMP - ok
20:21:12.0038 4064 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
20:21:12.0038 4064 RDPWD - ok
20:21:12.0100 4064 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
20:21:12.0116 4064 rdyboost - ok
20:21:12.0147 4064 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
20:21:12.0163 4064 RemoteAccess - ok
20:21:12.0209 4064 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
20:21:12.0256 4064 RemoteRegistry - ok
20:21:12.0319 4064 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
20:21:12.0319 4064 RFCOMM - ok
20:21:12.0381 4064 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
20:21:12.0397 4064 RimUsb - ok
20:21:12.0459 4064 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
20:21:12.0459 4064 RimVSerPort - ok
20:21:12.0490 4064 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
20:21:12.0506 4064 ROOTMODEM - ok
20:21:12.0615 4064 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
20:21:12.0677 4064 RoxMediaDB12OEM - ok
20:21:12.0724 4064 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
20:21:12.0740 4064 RoxWatch12 - ok
20:21:12.0802 4064 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
20:21:12.0833 4064 RpcEptMapper - ok
20:21:12.0865 4064 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
20:21:12.0880 4064 RpcLocator - ok
20:21:12.0943 4064 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
20:21:12.0974 4064 RpcSs - ok
20:21:13.0052 4064 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
20:21:13.0067 4064 rspndr - ok
20:21:13.0130 4064 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
20:21:13.0145 4064 RSUSBSTOR - ok
20:21:13.0192 4064 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
20:21:13.0223 4064 RTL8167 - ok
20:21:13.0255 4064 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
20:21:13.0270 4064 SamSs - ok
20:21:13.0317 4064 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
20:21:13.0333 4064 sbp2port - ok
20:21:13.0379 4064 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
20:21:13.0395 4064 SCardSvr - ok
20:21:13.0411 4064 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
20:21:13.0426 4064 scfilter - ok
20:21:13.0489 4064 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
20:21:13.0535 4064 Schedule - ok
20:21:13.0598 4064 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
20:21:13.0598 4064 SCPolicySvc - ok
20:21:13.0629 4064 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
20:21:13.0660 4064 SDRSVC - ok
20:21:13.0691 4064 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
20:21:13.0707 4064 secdrv - ok
20:21:13.0738 4064 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
20:21:13.0754 4064 seclogon - ok
20:21:13.0785 4064 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
20:21:13.0801 4064 SENS - ok
20:21:13.0847 4064 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
20:21:13.0863 4064 SensrSvc - ok
20:21:13.0894 4064 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
20:21:13.0910 4064 Serenum - ok
20:21:13.0925 4064 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
20:21:13.0941 4064 Serial - ok
20:21:13.0957 4064 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
20:21:13.0957 4064 sermouse - ok
20:21:14.0035 4064 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
20:21:14.0066 4064 SessionEnv - ok
20:21:14.0081 4064 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
20:21:14.0081 4064 sffdisk - ok
20:21:14.0097 4064 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
20:21:14.0113 4064 sffp_mmc - ok
20:21:14.0128 4064 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
20:21:14.0144 4064 sffp_sd - ok
20:21:14.0159 4064 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
20:21:14.0159 4064 sfloppy - ok
20:21:14.0284 4064 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:21:14.0331 4064 SftService - ok
20:21:14.0409 4064 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
20:21:14.0440 4064 SharedAccess - ok
20:21:14.0503 4064 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:21:14.0534 4064 ShellHWDetection - ok
20:21:14.0549 4064 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
20:21:14.0565 4064 SiSRaid2 - ok
20:21:14.0596 4064 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
20:21:14.0612 4064 SiSRaid4 - ok
20:21:14.0659 4064 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:21:14.0674 4064 SkypeUpdate - ok
20:21:14.0690 4064 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
20:21:14.0705 4064 Smb - ok
20:21:14.0768 4064 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
20:21:14.0783 4064 SNMPTRAP - ok
20:21:14.0830 4064 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
20:21:14.0830 4064 spldr - ok
20:21:14.0893 4064 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
20:21:14.0939 4064 Spooler - ok
20:21:15.0111 4064 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
20:21:15.0236 4064 sppsvc - ok
20:21:15.0298 4064 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
20:21:15.0314 4064 sppuinotify - ok
20:21:15.0376 4064 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
20:21:15.0407 4064 srv - ok
20:21:15.0454 4064 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
20:21:15.0470 4064 srv2 - ok
20:21:15.0501 4064 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
20:21:15.0517 4064 srvnet - ok
20:21:15.0563 4064 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
20:21:15.0595 4064 SSDPSRV - ok
20:21:15.0626 4064 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
20:21:15.0657 4064 SstpSvc - ok
20:21:15.0766 4064 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
20:21:15.0766 4064 STacSV - ok
20:21:15.0813 4064 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
20:21:15.0829 4064 stexstor - ok
20:21:15.0891 4064 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
20:21:15.0922 4064 STHDA - ok
20:21:15.0985 4064 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
20:21:16.0016 4064 stisvc - ok
20:21:16.0078 4064 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:21:16.0094 4064 stllssvr - ok
20:21:16.0141 4064 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
20:21:16.0141 4064 swenum - ok
20:21:16.0203 4064 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
20:21:16.0234 4064 swprv - ok
20:21:16.0312 4064 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
20:21:16.0390 4064 SysMain - ok
20:21:16.0437 4064 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
20:21:16.0453 4064 TabletInputService - ok
20:21:16.0484 4064 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
20:21:16.0531 4064 TapiSrv - ok
20:21:16.0546 4064 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
20:21:16.0577 4064 TBS - ok
20:21:16.0687 4064 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
20:21:16.0749 4064 Tcpip - ok
20:21:16.0874 4064 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
20:21:16.0905 4064 TCPIP6 - ok
20:21:16.0983 4064 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
20:21:16.0999 4064 tcpipreg - ok
20:21:17.0061 4064 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
20:21:17.0061 4064 TDPIPE - ok
20:21:17.0108 4064 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
20:21:17.0123 4064 TDTCP - ok
20:21:17.0155 4064 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
20:21:17.0170 4064 tdx - ok
20:21:17.0201 4064 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
20:21:17.0217 4064 TermDD - ok
20:21:17.0279 4064 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
20:21:17.0326 4064 TermService - ok
20:21:17.0357 4064 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
20:21:17.0389 4064 Themes - ok
20:21:17.0435 4064 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
20:21:17.0451 4064 THREADORDER - ok
20:21:17.0529 4064 [ E9CA6ED72EA9F56BD6E98C7042092A1C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
20:21:17.0529 4064 TomTomHOMEService - ok
20:21:17.0607 4064 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
20:21:17.0623 4064 TrkWks - ok
20:21:17.0701 4064 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:21:17.0732 4064 TrustedInstaller - ok
20:21:17.0763 4064 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
20:21:17.0779 4064 tssecsrv - ok
20:21:17.0810 4064 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
20:21:17.0825 4064 TsUsbFlt - ok
20:21:17.0857 4064 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
20:21:17.0857 4064 TsUsbGD - ok
20:21:17.0919 4064 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
20:21:17.0919 4064 tunnel - ok
20:21:17.0981 4064 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
20:21:17.0997 4064 uagp35 - ok
20:21:18.0044 4064 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
20:21:18.0059 4064 udfs - ok
20:21:18.0122 4064 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
20:21:18.0153 4064 UI0Detect - ok
20:21:18.0169 4064 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
20:21:18.0184 4064 uliagpkx - ok
20:21:18.0248 4064 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
20:21:18.0248 4064 umbus - ok
20:21:18.0279 4064 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
20:21:18.0294 4064 UmPass - ok
20:21:18.0341 4064 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
20:21:18.0388 4064 upnphost - ok
20:21:18.0450 4064 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
20:21:18.0450 4064 USBAAPL64 - ok
20:21:18.0497 4064 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
20:21:18.0497 4064 usbccgp - ok
20:21:18.0560 4064 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
20:21:18.0560 4064 usbcir - ok
20:21:18.0622 4064 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
20:21:18.0622 4064 usbehci - ok
20:21:18.0669 4064 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys
20:21:18.0684 4064 usbfilter - ok
20:21:18.0747 4064 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
20:21:18.0778 4064 usbhub - ok
20:21:18.0809 4064 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
20:21:18.0809 4064 usbohci - ok
20:21:18.0856 4064 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
20:21:18.0872 4064 usbprint - ok
20:21:18.0950 4064 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
20:21:18.0950 4064 usbscan - ok
20:21:19.0012 4064 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
20:21:19.0012 4064 USBSTOR - ok
20:21:19.0043 4064 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
20:21:19.0043 4064 usbuhci - ok
20:21:19.0090 4064 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
20:21:19.0106 4064 usbvideo - ok
20:21:19.0137 4064 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
20:21:19.0168 4064 UxSms - ok
20:21:19.0199 4064 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
20:21:19.0199 4064 VaultSvc - ok
20:21:19.0246 4064 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
20:21:19.0262 4064 vdrvroot - ok
20:21:19.0324 4064 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
20:21:19.0371 4064 vds - ok
20:21:19.0402 4064 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
20:21:19.0402 4064 vga - ok
20:21:19.0433 4064 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
20:21:19.0449 4064 VgaSave - ok
20:21:19.0464 4064 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
20:21:19.0480 4064 vhdmp - ok
20:21:19.0511 4064 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
20:21:19.0527 4064 viaide - ok
20:21:19.0574 4064 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
20:21:19.0574 4064 volmgr - ok
20:21:19.0620 4064 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
20:21:19.0636 4064 volmgrx - ok
20:21:19.0698 4064 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
20:21:19.0714 4064 volsnap - ok
20:21:19.0745 4064 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
20:21:19.0761 4064 vsmraid - ok
20:21:19.0854 4064 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
20:21:19.0932 4064 VSS - ok
20:21:19.0964 4064 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
20:21:19.0964 4064 vwifibus - ok
20:21:20.0042 4064 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
20:21:20.0042 4064 vwififlt - ok
20:21:20.0135 4064 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
20:21:20.0166 4064 W32Time - ok
20:21:20.0276 4064 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
20:21:20.0291 4064 WacomPen - ok
20:21:20.0354 4064 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
20:21:20.0369 4064 WANARP - ok
20:21:20.0400 4064 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
20:21:20.0416 4064 Wanarpv6 - ok
20:21:20.0525 4064 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
20:21:20.0572 4064 WatAdminSvc - ok
20:21:20.0666 4064 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
20:21:20.0744 4064 wbengine - ok
20:21:20.0775 4064 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
20:21:20.0790 4064 WbioSrvc - ok
20:21:20.0822 4064 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
20:21:20.0853 4064 wcncsvc - ok
20:21:20.0884 4064 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:21:20.0915 4064 WcsPlugInService - ok
20:21:20.0962 4064 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
20:21:20.0962 4064 Wd - ok
20:21:21.0102 4064 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
20:21:21.0134 4064 Wdf01000 - ok
20:21:21.0196 4064 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
20:21:21.0227 4064 WdiServiceHost - ok
20:21:21.0243 4064 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
20:21:21.0258 4064 WdiSystemHost - ok
20:21:21.0321 4064 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
20:21:21.0352 4064 WebClient - ok
20:21:21.0399 4064 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
20:21:21.0430 4064 Wecsvc - ok
20:21:21.0508 4064 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
20:21:21.0539 4064 wercplsupport - ok
20:21:21.0602 4064 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
20:21:21.0617 4064 WerSvc - ok
20:21:21.0711 4064 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
20:21:21.0758 4064 WfpLwf - ok
20:21:21.0836 4064 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
20:21:21.0836 4064 WimFltr - ok
20:21:21.0929 4064 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
20:21:21.0929 4064 WIMMount - ok
20:21:22.0007 4064 WinDefend - ok
20:21:22.0101 4064 WinHttpAutoProxySvc - ok
20:21:22.0226 4064 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
20:21:22.0272 4064 Winmgmt - ok
20:21:22.0382 4064 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
20:21:22.0475 4064 WinRM - ok
20:21:22.0616 4064 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
20:21:22.0631 4064 WinUsb - ok
20:21:22.0709 4064 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
20:21:22.0772 4064 Wlansvc - ok
20:21:22.0834 4064 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:21:22.0850 4064 wlcrasvc - ok
20:21:22.0990 4064 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:21:23.0084 4064 wlidsvc - ok
20:21:23.0162 4064 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
20:21:23.0162 4064 WmiAcpi - ok
20:21:23.0224 4064 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
20:21:23.0240 4064 wmiApSrv - ok
20:21:23.0271 4064 WMPNetworkSvc - ok
20:21:23.0318 4064 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
20:21:23.0364 4064 WPCSvc - ok
20:21:23.0380 4064 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
20:21:23.0411 4064 WPDBusEnum - ok
20:21:23.0458 4064 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
20:21:23.0458 4064 ws2ifsl - ok
20:21:23.0505 4064 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
20:21:23.0536 4064 wscsvc - ok
20:21:23.0552 4064 WSearch - ok
20:21:23.0692 4064 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
20:21:23.0786 4064 wuauserv - ok
20:21:23.0848 4064 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
20:21:23.0864 4064 WudfPf - ok
20:21:23.0926 4064 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
20:21:23.0942 4064 WUDFRd - ok
20:21:24.0004 4064 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
20:21:24.0020 4064 wudfsvc - ok
20:21:24.0082 4064 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
20:21:24.0113 4064 WwanSvc - ok
20:21:24.0191 4064 ================ Scan global ===============================
20:21:24.0222 4064 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:21:24.0269 4064 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
20:21:24.0332 4064 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
20:21:24.0363 4064 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:21:24.0410 4064 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:21:24.0456 4064 [Global] - ok
20:21:24.0456 4064 ================ Scan MBR ==================================
20:21:24.0472 4064 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:21:24.0831 4064 \Device\Harddisk0\DR0 - ok
20:21:24.0831 4064 ================ Scan VBR ==================================
20:21:24.0846 4064 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
20:21:24.0846 4064 \Device\Harddisk0\DR0\Partition1 - ok
20:21:24.0893 4064 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
20:21:24.0893 4064 \Device\Harddisk0\DR0\Partition2 - ok
20:21:24.0893 4064 ============================================================
20:21:24.0893 4064 Scan finished
20:21:24.0893 4064 ============================================================
20:21:24.0940 7088 Detected object count: 0
20:21:24.0940 7088 Actual detected object count: 0
-
I think the attached log is what you're after (too long to post).
It seems to only be Firefox (ads are still there) but it's the only browser I use.
-
JRT
Tried running the scan, but when it starts doing a quick scan on the registry the image below popped up:

Tried closing the program, but it subsequently popped up again after 5 minutes or so. The scan therefore couldn't complete...
ComboFix log:
ComboFix 13-01-15.02 - Conor 15/01/2013 20:38:31.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1695 [GMT 0:00]
Running from: c:\users\Conor\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\db33b903-f6ef-4bdd-adf8-db57372a45ec.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2013-01-15 20:56 . 2013-01-15 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-15 20:56 . 2013-01-15 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-15 19:22 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{211F444E-B71F-4D37-B545-34068E124FC6}\mpengine.dll
2013-01-15 19:19 . 2013-01-15 19:19 -------- d-----w- c:\windows\ERUNT
2013-01-15 19:13 . 2013-01-15 20:25 -------- d-----w- C:\JRT
2013-01-14 19:13 . 2013-01-14 19:13 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-01-14 19:13 . 2013-01-14 19:13 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-01-13 22:10 . 2013-01-13 22:10 -------- d-----w- C:\_OTL
2013-01-11 15:05 . 2013-01-11 15:05 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-10 22:53 . 2013-01-10 22:55 -------- d-----w- c:\users\Conor\AppData\Roaming\GetRightToGo
2013-01-10 19:17 . 2013-01-10 19:17 -------- d-----w- c:\users\Conor\AppData\Local\Programs
2013-01-09 18:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 18:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 18:37 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 18:37 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 18:37 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 18:37 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 18:37 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 18:37 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 18:37 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 18:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 18:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 18:33 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 18:33 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 06:01 . 2013-01-08 06:01 -------- d-----w- c:\program files (x86)\Common Files\Comodo
2012-12-23 10:26 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-23 10:26 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-23 10:26 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-23 10:26 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 20:29 . 2012-10-16 20:31 151552 ----a-w- c:\windows\KMSEmulator.exe
2013-01-11 03:14 . 2012-08-01 22:05 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 19:12 . 2012-08-19 21:03 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 19:12 . 2012-08-19 21:03 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-23 22:13 . 2012-07-05 11:05 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-12-19 21:01 . 2012-11-22 21:32 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-19 21:01 . 2012-11-22 21:16 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-18 19:58 . 2012-11-22 21:16 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 16:49 . 2012-05-03 13:03 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 21:52 . 2012-12-11 21:52 53248 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{38676C9C-270F-43D1-926A-E45DE8820A6B}\ARPPRODUCTICON.exe
2012-12-04 08:41 . 2012-12-04 08:41 37976 ----a-w- c:\windows\SysWow64\drivers\CFRMD.sys
2012-12-04 08:41 . 2012-12-04 08:41 37976 ----a-w- c:\windows\inf\CFRMD\cfrmd.sys
2012-11-30 04:45 . 2013-01-09 18:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-22 21:16 . 2012-11-22 21:16 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-22 21:16 . 2012-11-22 21:16 840264 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-11-14 07:06 . 2012-12-15 17:37 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-15 17:37 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-15 17:37 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-15 17:37 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-15 17:37 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-15 17:37 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-15 17:37 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-15 17:37 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-15 17:37 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-15 17:37 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-15 17:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-15 17:37 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-15 17:37 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-15 17:37 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-15 17:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-15 17:37 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-15 17:37 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-15 17:37 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-15 17:37 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-15 17:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-15 17:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-15 17:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 19:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 19:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-07 23:38 . 2012-10-05 00:32 94288 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2012-10-05 00:32 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:37 . 2012-10-05 00:32 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:37 . 2012-10-05 00:32 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-10-05 00:32 41240 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2012-10-05 00:32 301264 ----a-w- c:\windows\SysWow64\guard32.dll
2012-11-07 23:37 . 2012-10-05 00:32 390392 ----a-w- c:\windows\system32\guard64.dll
2012-11-02 05:59 . 2012-12-12 19:18 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 19:18 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-30 22:51 . 2012-05-03 13:07 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-05-03 13:07 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-05-03 13:07 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-05-03 13:07 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-05-03 13:07 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-05-03 13:06 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-05-03 13:06 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-05-03 13:07 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Control Center"="c:\program files (x86)\TRENDnet\MFP Server\Control Center.exe" [2007-11-02 2477568]
"gbrspcontrol"="c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" [2012-11-26 1851088]
.
c:\users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2012-12-19 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-16 1431888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-12-23 101688]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-04 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-12-23 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-12-23 297240]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-06 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 365568]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-12-19 70352]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-01-14 1868432]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-11-26 1851088]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\KUSBusByTCPMasterBus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 19:11 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 19:12]
.
2013-01-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41]
.
2013-01-15 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 22:47]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 22:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\
FF - prefs.js: browser.startup.homepage - http:\\\\www.google.co.uk
FF - ExtSQL: 2012-12-21 13:56; 50d46eaa39804@50d46eaa3983d.com; c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\50d46eaa39804@50d46eaa3983d.com.xpi
FF - ExtSQL: !HIDDEN! 2012-09-24 21:07; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\03\00\0b\0f\06\05?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-15 21:04:59
ComboFix-quarantined-files.txt 2013-01-15 21:04
.
Pre-Run: 415,447,019,520 bytes free
Post-Run: 415,198,908,416 bytes free
.
- - End Of File - - 2B47DE32F90F85262EACB6A82D685DB3
Still adverts
It says underneath 'Ads not by this site' on most of them.
-
Mbam Log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.14.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Conor :: CONOR-PC [administrator]
14/01/2013 19:07:29
mbam-log-2013-01-14 (19-07-29).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403232
Time elapsed: 1 hour(s), 50 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
I just want my PC clean
thanks for your help so far 
Help! What has happened to my system? I can't even run DDS!
in Resolved Malware Removal Logs
Posted
Had to run in Safe Mode again. After running, the problem is still the same.
Ran the disk check again upon startup as well, which is rather annoying :/
Log is below:
ComboFix 14-02-24.02 - Conor 27/02/2014 17:15:04.24.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2264 [GMT 0:00]
Running from: c:\users\Conor\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-01-27 to 2014-02-27 )))))))))))))))))))))))))))))))
.
.
2014-02-27 17:26 . 2014-02-27 17:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-27 17:26 . 2014-02-27 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-27 15:51 . 2014-02-27 15:51 -------- d-----w- C:\found.005
2014-02-27 15:34 . 2014-02-27 16:06 -------- d-----w- C:\FRST
2014-02-27 13:22 . 2014-02-27 13:22 -------- d-----w- C:\found.004
2014-02-26 13:00 . 2014-02-26 13:00 -------- d-----w- C:\found.003
2014-02-26 08:26 . 2014-02-27 12:53 -------- d-----w- c:\windows\Migration
2014-02-26 08:21 . 2014-02-27 12:54 -------- d-----w- C:\7fcdf01e3cb87b5371c943805f224414
2014-02-25 20:02 . 2014-02-25 20:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-02-25 20:01 . 2014-02-25 20:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-25 20:01 . 2014-02-25 20:01 -------- d-----w- c:\program files (x86)\Java
2014-02-25 13:00 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73B12862-83DB-4711-8764-3EE7F9C82D95}\mpengine.dll
2014-02-15 23:46 . 2014-02-15 23:46 -------- d-----w- c:\program files\McAfee Security Scan
2014-02-14 03:04 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-14 03:04 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 03:02 . 2014-02-06 10:48 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-12 21:53 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-01-30 13:36 . 2014-01-30 13:35 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 10:22 . 2012-08-19 21:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 10:22 . 2012-08-19 21:03 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-16 23:32 . 2012-08-01 22:05 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-30 13:35 . 2013-04-20 10:23 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-30 13:35 . 2012-05-03 13:07 421704 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-01-30 13:35 . 2012-05-03 13:07 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-30 13:35 . 2012-05-03 13:07 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-30 13:35 . 2012-05-03 13:07 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-30 13:35 . 2012-05-03 13:06 43152 ----a-w- c:\windows\avastSS.scr
2014-01-22 20:37 . 2012-07-05 11:05 316312 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-12-18 06:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-05 03:05 . 2013-12-05 03:05 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-05 03:05 . 2013-12-05 03:05 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-05 03:05 . 2013-12-05 03:05 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-05 03:05 . 2013-12-05 03:05 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-05 03:05 . 2013-12-05 03:05 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-05 03:05 . 2013-12-05 03:05 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-05 03:05 . 2013-12-05 03:05 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-05 03:05 . 2013-12-05 03:05 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-05 03:05 . 2013-12-05 03:05 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-05 03:05 . 2013-12-05 03:05 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-05 03:05 . 2013-12-05 03:05 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-05 03:05 . 2013-12-05 03:05 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-05 03:05 . 2013-12-05 03:05 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-05 03:05 . 2013-12-05 03:05 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-05 03:05 . 2013-12-05 03:05 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-05 03:05 . 2013-12-05 03:05 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-05 03:05 . 2013-12-05 03:05 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-05 03:05 . 2013-12-05 03:05 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-05 03:05 . 2013-12-05 03:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-05 03:05 . 2013-12-05 03:05 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-05 03:05 . 2013-12-05 03:05 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-05 03:05 . 2013-12-05 03:05 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-05 03:05 . 2013-12-05 03:05 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-05 03:05 . 2013-12-05 03:05 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-05 03:05 . 2013-12-05 03:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-05 03:05 . 2013-12-05 03:05 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-05 03:05 . 2013-12-05 03:05 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-05 03:05 . 2013-12-05 03:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-05 03:05 . 2013-12-05 03:05 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-05 03:05 . 2013-12-05 03:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-05 03:05 . 2013-12-05 03:05 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-05 03:05 . 2013-12-05 03:05 413696 ----a-w- c:\windows\system32\html.iec
2013-12-05 03:05 . 2013-12-05 03:05 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-05 03:05 . 2013-12-05 03:05 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-05 03:05 . 2013-12-05 03:05 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-05 03:05 . 2013-12-05 03:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-05 03:05 . 2013-12-05 03:05 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-05 03:05 . 2013-12-05 03:05 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-05 03:05 . 2013-12-05 03:05 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-05 03:05 . 2013-12-05 03:05 235520 ----a-w- c:\windows\system32\url.dll
2013-12-05 03:05 . 2013-12-05 03:05 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-05 03:04 . 2013-12-05 03:04 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-05 03:04 . 2013-12-05 03:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-05 03:04 . 2013-12-05 03:04 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-05 03:04 . 2013-12-05 03:04 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-05 03:04 . 2013-12-05 03:04 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-05 03:04 . 2013-12-05 03:04 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-05 03:04 . 2013-12-05 03:04 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-05 03:04 . 2013-12-05 03:04 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-05 03:04 . 2013-12-05 03:04 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-05 03:04 . 2013-12-05 03:04 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-05 03:04 . 2013-12-05 03:04 135680 ----a-w- c:\windows\system32\iepeers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"tvncontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2014-01-20 2327248]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-30 3767096]
"pnusbclitray"="pnusbclitray.exe" [2012-06-09 67480]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"Conime"="c:\windows\system32\conime.exe" [bU]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-9-1 48248]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2014-1-20 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R2 Cadence License Manager;Cadence License Manager;c:\cadence\LicenseManager\lmgrd.exe;c:\cadence\LicenseManager\lmgrd.exe [x]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R2 lmgrd;Flexlm;c:\orcad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe;c:\orcad\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 pnpnptool;Quest RDP PnP Driver;c:\windows\system32\Drivers\pnpnptool.sys;c:\windows\SYSNATIVE\Drivers\pnpnptool.sys [x]
R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;c:\windows\system32\pnusbvirtualhubwssrv.exe;c:\windows\SYSNATIVE\pnusbvirtualhubwssrv.exe [x]
R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KUSBusByTCPMasterBus;KUSBusByTCPMasterBus;c:\windows\system32\Drivers\KUSBusByTCPMasterBus.sys;c:\windows\SYSNATIVE\Drivers\KUSBusByTCPMasterBus.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 pnusbd;Quest RDP USB Driver;c:\windows\system32\Drivers\pnusbd.sys;c:\windows\SYSNATIVE\Drivers\pnusbd.sys [x]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswKbd;aswKbd; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\SPB_16.6]
2011-07-05 01:47 930 ----a-w- c:\cadence\SPB_16.6\tools\ConfigUtility\CreateShortcut.vbs
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [bU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 10:23]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19 14:24]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-19 14:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-30 13:35 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.192.192.1
TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 208.67.222.123,208.67.220.123,10.192.192.1
TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 208.67.222.123,208.67.220.123
TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\751425E494E4741212120265942555350214C4542545121212: NameServer = 208.67.222.123,208.67.220.123
TCP: Interfaces\{BA778979-A30E-4822-B18E-7E8FE2E428FD}: NameServer = 198.153.192.60,198.153.194.60
FF - ProfilePath - c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\ue1pm6q0.default-1392630538753\
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e9,2e,90,3b,5c,26,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\03\00\0b\0f\06\05?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-27 17:30:24
ComboFix-quarantined-files.txt 2014-02-27 17:30
ComboFix2.txt 2014-02-27 13:53
ComboFix3.txt 2014-02-19 17:34
ComboFix4.txt 2013-12-24 21:06
ComboFix5.txt 2014-02-27 17:13
.
Pre-Run: 286,890,729,472 bytes free
Post-Run: 286,767,255,552 bytes free
.
- - End Of File - - 2A5BF6DC88F46DE9BC573E23CEA45FE3
A36C5E4F47E84449FF07ED3517B43A31