ccfc1987
-
Posts
61 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by ccfc1987
-
Adverts pop up in new tab (all logs provided)
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
Sorry been away for the weekend. Here are a couple of logs below: AdwCleaner: # AdwCleaner v2.105 - Logfile created 01/13/2013 at 22:03:14 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Conor - CONOR-PC # Boot Mode : Normal # Running from : C:\Users\Conor\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END Folder Deleted : C:\Program Files (x86)\1ClickDownload Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Users\Conor\AppData\Local\Conduit Folder Deleted : C:\Users\Conor\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\staged ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\SweetIM Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS Key Deleted : HKLM\Software\SweetIM Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0 (en-US) File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6PQFeVAurz&loc=FF_NT"); File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\prefs.js Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("extensions.50d46eaa398b6.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...] -\\ Google Chrome v23.0.1271.97 File : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2404 octets] - [11/01/2013 15:09:53] AdwCleaner[s1].txt - [5083 octets] - [13/10/2012 13:19:54] AdwCleaner[s2].txt - [2375 octets] - [13/01/2013 22:03:14] ########## EOF - C:\AdwCleaner[s2].txt - [2435 octets] ########## OTL: All processes killed ========== COMMANDS ========== C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Conor ->Temp folder emptied: 3714356 bytes ->Temporary Internet Files folder emptied: 229578 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 70109067 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 715 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 561470 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 293203 bytes RecycleBin emptied: 2428036 bytes Total Files Cleaned = 74.00 mb Restore point Set: OTL Restore Point [EMPTYFLASH] User: All Users User: Conor ->Flash cache emptied: 0 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: All Users User: Conor ->Java cache emptied: 0 bytes User: Default User: Default User User: Public Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01132013_221047 Files\Folders moved on Reboot... C:\Users\Conor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{21E223EE-C65F-410C-AA3B-31FCF5CD247E}.tmp moved successfully. C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{42B804F3-3716-49F5-A390-9C5BD1D796CA}.tmp moved successfully. C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{50DF3375-707C-4699-BC51-7C7606956339}.tmp moved successfully. File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\18F9F700.gif not found! File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\220889E5.png not found! File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4662BA3B.png not found! File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\98BD3EA2.png not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Mbam scanning as we speak (will post a log in my next reply) Must admit its still running slow and I've seen adverts for ILivid... Also had the blue screen of death from my video driver Not sure if related... -
Adverts pop up in new tab (all logs provided)
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
RKReport log RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Conor [Admin rights] Mode : Scan -- Date : 01/11/2013 15:15:46 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost 216.239.32.20 www.google.ae # bck9 216.239.32.20 www.google.at # bck9 216.239.32.20 www.google.be # bck9 216.239.32.20 www.google.ca # bck9 216.239.32.20 www.google.ch # bck9 216.239.32.20 www.google.cl # bck9 216.239.32.20 www.google.co.il # bck9 216.239.32.20 www.google.co.in # bck9 216.239.32.20 www.google.co.jp # bck9 216.239.32.20 www.google.co.kr # bck9 216.239.32.20 www.google.co.nz # bck9 216.239.32.20 www.google.co.uk # bck9 216.239.32.20 www.google.co.ve # bck9 216.239.32.20 www.google.co.za # bck9 216.239.32.20 www.google.com # bck9 216.239.32.20 www.google.com.ar # bck9 216.239.32.20 www.google.com.au # bck9 216.239.32.20 www.google.com.br # bck9 [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++ --- User --- [MBR] e1cf3956ef2f984ff195364e4f6062fc [bSP] ee1fa6662c2a2d395c2bf5b13616a5b9 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01112013_02d1515.txt >> RKreport[1]_S_01112013_02d1515.txt -
Adverts pop up in new tab (all logs provided)
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
TDSSKILLER log 15:11:49.0032 1144 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:11:49.0453 1144 ============================================================ 15:11:49.0453 1144 Current date / time: 2013/01/11 15:11:49.0453 15:11:49.0453 1144 SystemInfo: 15:11:49.0453 1144 15:11:49.0453 1144 OS Version: 6.1.7601 ServicePack: 1.0 15:11:49.0453 1144 Product type: Workstation 15:11:49.0469 1144 ComputerName: CONOR-PC 15:11:49.0469 1144 UserName: Conor 15:11:49.0469 1144 Windows directory: C:\windows 15:11:49.0469 1144 System windows directory: C:\windows 15:11:49.0469 1144 Running under WOW64 15:11:49.0469 1144 Processor architecture: Intel x64 15:11:49.0469 1144 Number of processors: 2 15:11:49.0469 1144 Page size: 0x1000 15:11:49.0469 1144 Boot type: Normal boot 15:11:49.0469 1144 ============================================================ 15:11:50.0498 1144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:11:50.0514 1144 ============================================================ 15:11:50.0514 1144 \Device\Harddisk0\DR0: 15:11:50.0514 1144 MBR partitions: 15:11:50.0514 1144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000 15:11:50.0514 1144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030 15:11:50.0514 1144 ============================================================ 15:11:50.0545 1144 C: <-> \Device\Harddisk0\DR0\Partition2 15:11:50.0545 1144 ============================================================ 15:11:50.0545 1144 Initialize success 15:11:50.0545 1144 ============================================================ 15:11:59.0813 6244 ============================================================ 15:11:59.0813 6244 Scan started 15:11:59.0813 6244 Mode: Manual; 15:11:59.0813 6244 ============================================================ 15:12:00.0295 6244 ================ Scan system memory ======================== 15:12:00.0295 6244 System memory - ok 15:12:00.0295 6244 ================ Scan services ============================= 15:12:00.0669 6244 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 15:12:00.0685 6244 1394ohci - ok 15:12:00.0731 6244 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 15:12:00.0731 6244 ACPI - ok 15:12:00.0778 6244 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 15:12:00.0778 6244 AcpiPmi - ok 15:12:00.0950 6244 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:12:00.0965 6244 AdobeFlashPlayerUpdateSvc - ok 15:12:01.0012 6244 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 15:12:01.0012 6244 adp94xx - ok 15:12:01.0075 6244 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 15:12:01.0075 6244 adpahci - ok 15:12:01.0090 6244 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 15:12:01.0090 6244 adpu320 - ok 15:12:01.0153 6244 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 15:12:01.0153 6244 AeLookupSvc - ok 15:12:01.0231 6244 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 15:12:01.0231 6244 AESTFilters - ok 15:12:01.0293 6244 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 15:12:01.0324 6244 AFD - ok 15:12:01.0371 6244 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 15:12:01.0371 6244 agp440 - ok 15:12:01.0418 6244 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 15:12:01.0418 6244 ALG - ok 15:12:01.0433 6244 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 15:12:01.0433 6244 aliide - ok 15:12:01.0480 6244 [ 7922823AB3210517660712ED01B8A2B5 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe 15:12:01.0480 6244 AMD External Events Utility - ok 15:12:01.0527 6244 AMD FUEL Service - ok 15:12:01.0574 6244 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 15:12:01.0574 6244 amdide - ok 15:12:01.0621 6244 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\windows\system32\DRIVERS\amdiox64.sys 15:12:01.0621 6244 amdiox64 - ok 15:12:01.0636 6244 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 15:12:01.0652 6244 AmdK8 - ok 15:12:01.0917 6244 [ B3FE665C2D7DDE331BB05E0FD2292457 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys 15:12:02.0151 6244 amdkmdag - ok 15:12:02.0182 6244 [ 6264A490E9E825185895E8FF290545C8 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys 15:12:02.0198 6244 amdkmdap - ok 15:12:02.0229 6244 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 15:12:02.0245 6244 AmdPPM - ok 15:12:02.0276 6244 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 15:12:02.0276 6244 amdsata - ok 15:12:02.0323 6244 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 15:12:02.0323 6244 amdsbs - ok 15:12:02.0369 6244 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 15:12:02.0369 6244 amdxata - ok 15:12:02.0432 6244 [ BB4FE7889DB9CBBE61A308E99697F53C ] amd_sata C:\windows\system32\DRIVERS\amd_sata.sys 15:12:02.0432 6244 amd_sata - ok 15:12:02.0463 6244 [ 5631CBA53F1CBEA3F9E88348E6723391 ] amd_xata C:\windows\system32\DRIVERS\amd_xata.sys 15:12:02.0463 6244 amd_xata - ok 15:12:02.0572 6244 [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys 15:12:02.0588 6244 ApfiltrService - ok 15:12:02.0650 6244 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 15:12:02.0650 6244 AppID - ok 15:12:02.0681 6244 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 15:12:02.0697 6244 AppIDSvc - ok 15:12:02.0713 6244 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 15:12:02.0713 6244 Appinfo - ok 15:12:02.0837 6244 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:12:02.0837 6244 Apple Mobile Device - ok 15:12:02.0931 6244 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 15:12:02.0931 6244 arc - ok 15:12:02.0947 6244 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys 15:12:02.0962 6244 arcsas - ok 15:12:03.0056 6244 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:12:03.0071 6244 aspnet_state - ok 15:12:03.0118 6244 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys 15:12:03.0118 6244 aswFsBlk - ok 15:12:03.0149 6244 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys 15:12:03.0165 6244 aswMonFlt - ok 15:12:03.0196 6244 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys 15:12:03.0196 6244 aswRdr - ok 15:12:03.0243 6244 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\windows\system32\drivers\aswSnx.sys 15:12:03.0274 6244 aswSnx - ok 15:12:03.0305 6244 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\windows\system32\drivers\aswSP.sys 15:12:03.0305 6244 aswSP - ok 15:12:03.0352 6244 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\windows\system32\drivers\aswTdi.sys 15:12:03.0352 6244 aswTdi - ok 15:12:03.0383 6244 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 15:12:03.0383 6244 AsyncMac - ok 15:12:03.0415 6244 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 15:12:03.0415 6244 atapi - ok 15:12:03.0477 6244 [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys 15:12:03.0493 6244 AtiHDAudioService - ok 15:12:03.0555 6244 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 15:12:03.0571 6244 AudioEndpointBuilder - ok 15:12:03.0602 6244 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 15:12:03.0617 6244 AudioSrv - ok 15:12:03.0695 6244 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:12:03.0695 6244 avast! Antivirus - ok 15:12:03.0773 6244 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 15:12:03.0773 6244 AxInstSV - ok 15:12:03.0836 6244 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 15:12:03.0836 6244 b06bdrv - ok 15:12:03.0883 6244 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 15:12:03.0898 6244 b57nd60a - ok 15:12:03.0993 6244 [ B9B123DD438E0FA190BE10A77ADCF38E ] bckd C:\windows\system32\drivers\bckd.sys 15:12:03.0993 6244 bckd - ok 15:12:04.0258 6244 [ 00BF725BFD0FE84EB196E9F45DAC091B ] bckwfs C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe 15:12:04.0289 6244 bckwfs - ok 15:12:04.0445 6244 [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys 15:12:04.0570 6244 BCM43XX - ok 15:12:04.0601 6244 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 15:12:04.0601 6244 BDESVC - ok 15:12:04.0648 6244 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 15:12:04.0664 6244 Beep - ok 15:12:04.0710 6244 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 15:12:04.0726 6244 BFE - ok 15:12:04.0773 6244 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll 15:12:04.0804 6244 BITS - ok 15:12:04.0851 6244 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 15:12:04.0851 6244 blbdrive - ok 15:12:04.0929 6244 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:12:04.0945 6244 Bonjour Service - ok 15:12:04.0977 6244 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 15:12:04.0992 6244 bowser - ok 15:12:05.0039 6244 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 15:12:05.0039 6244 BrFiltLo - ok 15:12:05.0055 6244 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 15:12:05.0055 6244 BrFiltUp - ok 15:12:05.0086 6244 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys 15:12:05.0101 6244 BridgeMP - ok 15:12:05.0133 6244 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 15:12:05.0133 6244 Browser - ok 15:12:05.0164 6244 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 15:12:05.0179 6244 Brserid - ok 15:12:05.0179 6244 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 15:12:05.0195 6244 BrSerWdm - ok 15:12:05.0211 6244 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 15:12:05.0226 6244 BrUsbMdm - ok 15:12:05.0226 6244 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 15:12:05.0242 6244 BrUsbSer - ok 15:12:05.0257 6244 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 15:12:05.0257 6244 BthEnum - ok 15:12:05.0289 6244 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 15:12:05.0304 6244 BTHMODEM - ok 15:12:05.0335 6244 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 15:12:05.0335 6244 BthPan - ok 15:12:05.0367 6244 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 15:12:05.0382 6244 BTHPORT - ok 15:12:05.0429 6244 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 15:12:05.0429 6244 bthserv - ok 15:12:05.0476 6244 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 15:12:05.0476 6244 BTHUSB - ok 15:12:05.0569 6244 [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys 15:12:05.0569 6244 BTWAMPFL - ok 15:12:05.0616 6244 [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys 15:12:05.0616 6244 btwaudio - ok 15:12:05.0647 6244 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys 15:12:05.0647 6244 btwavdt - ok 15:12:05.0772 6244 [ B7DEA77EE893806859072274EE8EC8FC ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 15:12:05.0772 6244 btwdins - ok 15:12:05.0835 6244 [ 9AD0FA253ED531D39FB2D74FE12A5FA9 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys 15:12:05.0835 6244 btwl2cap - ok 15:12:05.0866 6244 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys 15:12:05.0866 6244 btwrchid - ok 15:12:05.0897 6244 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 15:12:05.0913 6244 cdfs - ok 15:12:05.0944 6244 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 15:12:05.0960 6244 cdrom - ok 15:12:06.0007 6244 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 15:12:06.0023 6244 CertPropSvc - ok 15:12:06.0038 6244 CFRMD - ok 15:12:06.0070 6244 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys 15:12:06.0070 6244 circlass - ok 15:12:06.0116 6244 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 15:12:06.0116 6244 CLFS - ok 15:12:06.0194 6244 [ 5EFF2D9DC1D80C1934DE81321599C8DB ] CLPSLauncher C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe 15:12:06.0194 6244 CLPSLauncher - ok 15:12:06.0304 6244 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:12:06.0304 6244 clr_optimization_v2.0.50727_32 - ok 15:12:06.0335 6244 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:12:06.0350 6244 clr_optimization_v2.0.50727_64 - ok 15:12:06.0428 6244 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:12:06.0475 6244 clr_optimization_v4.0.30319_32 - ok 15:12:06.0506 6244 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:12:06.0506 6244 clr_optimization_v4.0.30319_64 - ok 15:12:06.0584 6244 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 15:12:06.0584 6244 CmBatt - ok 15:12:06.0787 6244 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 15:12:06.0818 6244 cmdAgent - ok 15:12:06.0896 6244 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] cmdGuard C:\windows\system32\DRIVERS\cmdguard.sys 15:12:06.0896 6244 cmdGuard - ok 15:12:06.0928 6244 [ F8FECE0F1D44C4A58778083B00EEADAC ] cmdHlp C:\windows\system32\DRIVERS\cmdhlp.sys 15:12:06.0928 6244 cmdHlp - ok 15:12:06.0959 6244 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 15:12:06.0974 6244 cmdide - ok 15:12:07.0021 6244 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 15:12:07.0037 6244 CNG - ok 15:12:07.0084 6244 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys 15:12:07.0084 6244 Compbatt - ok 15:12:07.0115 6244 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 15:12:07.0115 6244 CompositeBus - ok 15:12:07.0130 6244 COMSysApp - ok 15:12:07.0162 6244 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 15:12:07.0162 6244 crcdisk - ok 15:12:07.0224 6244 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 15:12:07.0224 6244 CryptSvc - ok 15:12:07.0302 6244 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys 15:12:07.0302 6244 CtClsFlt - ok 15:12:07.0349 6244 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 15:12:07.0380 6244 DcomLaunch - ok 15:12:07.0411 6244 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 15:12:07.0411 6244 defragsvc - ok 15:12:07.0442 6244 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 15:12:07.0442 6244 DfsC - ok 15:12:07.0489 6244 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 15:12:07.0489 6244 Dhcp - ok 15:12:07.0536 6244 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 15:12:07.0536 6244 discache - ok 15:12:07.0583 6244 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 15:12:07.0598 6244 Disk - ok 15:12:07.0614 6244 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 15:12:07.0630 6244 Dnscache - ok 15:12:07.0661 6244 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 15:12:07.0661 6244 dot3svc - ok 15:12:07.0708 6244 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys 15:12:07.0723 6244 Dot4 - ok 15:12:07.0754 6244 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys 15:12:07.0770 6244 Dot4Print - ok 15:12:07.0786 6244 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys 15:12:07.0786 6244 dot4usb - ok 15:12:07.0817 6244 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 15:12:07.0817 6244 DPS - ok 15:12:07.0973 6244 [ 02F0870C07872CC506C33E79883082B3 ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe 15:12:07.0988 6244 DragonUpdater - ok 15:12:08.0051 6244 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 15:12:08.0066 6244 drmkaud - ok 15:12:08.0098 6244 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 15:12:08.0129 6244 DXGKrnl - ok 15:12:08.0207 6244 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 15:12:08.0222 6244 EapHost - ok 15:12:08.0347 6244 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 15:12:08.0441 6244 ebdrv - ok 15:12:08.0472 6244 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 15:12:08.0488 6244 EFS - ok 15:12:08.0550 6244 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 15:12:08.0581 6244 ehRecvr - ok 15:12:08.0597 6244 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 15:12:08.0597 6244 ehSched - ok 15:12:08.0644 6244 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 15:12:08.0659 6244 elxstor - ok 15:12:08.0675 6244 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 15:12:08.0675 6244 ErrDev - ok 15:12:08.0753 6244 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 15:12:08.0753 6244 EventSystem - ok 15:12:08.0784 6244 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 15:12:08.0800 6244 exfat - ok 15:12:08.0815 6244 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 15:12:08.0831 6244 fastfat - ok 15:12:08.0862 6244 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 15:12:08.0909 6244 Fax - ok 15:12:08.0924 6244 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 15:12:08.0924 6244 fdc - ok 15:12:08.0940 6244 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 15:12:08.0956 6244 fdPHost - ok 15:12:08.0971 6244 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 15:12:08.0971 6244 FDResPub - ok 15:12:08.0987 6244 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 15:12:09.0002 6244 FileInfo - ok 15:12:09.0018 6244 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 15:12:09.0018 6244 Filetrace - ok 15:12:09.0143 6244 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 15:12:09.0190 6244 FLEXnet Licensing Service 64 - ok 15:12:09.0221 6244 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 15:12:09.0221 6244 flpydisk - ok 15:12:09.0252 6244 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 15:12:09.0268 6244 FltMgr - ok 15:12:09.0330 6244 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 15:12:09.0361 6244 FontCache - ok 15:12:09.0424 6244 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:12:09.0424 6244 FontCache3.0.0.0 - ok 15:12:09.0455 6244 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 15:12:09.0455 6244 FsDepends - ok 15:12:09.0502 6244 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 15:12:09.0502 6244 Fs_Rec - ok 15:12:09.0548 6244 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 15:12:09.0548 6244 fvevol - ok 15:12:09.0580 6244 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 15:12:09.0580 6244 gagp30kx - ok 15:12:09.0658 6244 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 15:12:09.0673 6244 GamesAppService - ok 15:12:09.0720 6244 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 15:12:09.0720 6244 GEARAspiWDM - ok 15:12:09.0845 6244 [ 24B6902AE2735C7C8ED6670E5E323EC9 ] GeekBuddyRSP C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe 15:12:09.0876 6244 GeekBuddyRSP - ok 15:12:09.0923 6244 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 15:12:09.0954 6244 gpsvc - ok 15:12:10.0063 6244 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:12:10.0063 6244 gupdate - ok 15:12:10.0094 6244 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:12:10.0094 6244 gupdatem - ok 15:12:10.0136 6244 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 15:12:10.0136 6244 hcw85cir - ok 15:12:10.0186 6244 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 15:12:10.0196 6244 HdAudAddService - ok 15:12:10.0216 6244 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 15:12:10.0226 6244 HDAudBus - ok 15:12:10.0236 6244 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys 15:12:10.0246 6244 HidBatt - ok 15:12:10.0256 6244 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 15:12:10.0256 6244 HidBth - ok 15:12:10.0296 6244 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 15:12:10.0306 6244 HidIr - ok 15:12:10.0336 6244 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll 15:12:10.0346 6244 hidserv - ok 15:12:10.0376 6244 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 15:12:10.0376 6244 HidUsb - ok 15:12:10.0426 6244 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 15:12:10.0436 6244 hkmsvc - ok 15:12:10.0456 6244 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 15:12:10.0466 6244 HomeGroupListener - ok 15:12:10.0506 6244 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 15:12:10.0516 6244 HomeGroupProvider - ok 15:12:10.0646 6244 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 15:12:10.0656 6244 hpqcxs08 - ok 15:12:10.0706 6244 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 15:12:10.0706 6244 hpqddsvc - ok 15:12:10.0736 6244 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 15:12:10.0736 6244 HpSAMD - ok 15:12:10.0796 6244 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 15:12:10.0826 6244 HTTP - ok 15:12:10.0836 6244 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 15:12:10.0846 6244 hwpolicy - ok 15:12:10.0876 6244 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 15:12:10.0886 6244 i8042prt - ok 15:12:10.0926 6244 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 15:12:10.0936 6244 iaStorV - ok 15:12:11.0006 6244 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 15:12:11.0016 6244 IDriverT - ok 15:12:11.0076 6244 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:12:11.0116 6244 idsvc - ok 15:12:11.0186 6244 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 15:12:11.0196 6244 iirsp - ok 15:12:11.0246 6244 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 15:12:11.0276 6244 IKEEXT - ok 15:12:11.0356 6244 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\windows\system32\DRIVERS\inspect.sys 15:12:11.0356 6244 inspect - ok 15:12:11.0366 6244 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 15:12:11.0376 6244 intelide - ok 15:12:11.0396 6244 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys 15:12:11.0406 6244 intelppm - ok 15:12:11.0431 6244 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 15:12:11.0431 6244 IPBusEnum - ok 15:12:11.0462 6244 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 15:12:11.0462 6244 IpFilterDriver - ok 15:12:11.0525 6244 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 15:12:11.0556 6244 iphlpsvc - ok 15:12:11.0556 6244 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 15:12:11.0572 6244 IPMIDRV - ok 15:12:11.0603 6244 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 15:12:11.0603 6244 IPNAT - ok 15:12:11.0696 6244 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:12:11.0728 6244 iPod Service - ok 15:12:11.0743 6244 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 15:12:11.0759 6244 IRENUM - ok 15:12:11.0774 6244 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 15:12:11.0790 6244 isapnp - ok 15:12:11.0821 6244 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 15:12:11.0821 6244 iScsiPrt - ok 15:12:11.0852 6244 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 15:12:11.0868 6244 kbdclass - ok 15:12:11.0884 6244 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 15:12:11.0899 6244 kbdhid - ok 15:12:11.0915 6244 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 15:12:11.0915 6244 KeyIso - ok 15:12:11.0946 6244 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 15:12:11.0962 6244 KSecDD - ok 15:12:11.0977 6244 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 15:12:11.0993 6244 KSecPkg - ok 15:12:12.0008 6244 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 15:12:12.0008 6244 ksthunk - ok 15:12:12.0055 6244 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 15:12:12.0086 6244 KtmRm - ok 15:12:12.0133 6244 KUSBusByTCP - ok 15:12:12.0274 6244 [ 384E82435A09A89C4E87A6B20AA9EE69 ] KUSBusByTCPMasterBus C:\windows\syswow64\Drivers\KUSBusByTCPMasterBus.sys 15:12:12.0274 6244 KUSBusByTCPMasterBus - ok 15:12:12.0352 6244 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll 15:12:12.0383 6244 LanmanServer - ok 15:12:12.0414 6244 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 15:12:12.0430 6244 LanmanWorkstation - ok 15:12:12.0476 6244 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 15:12:12.0492 6244 lltdio - ok 15:12:12.0523 6244 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 15:12:12.0539 6244 lltdsvc - ok 15:12:12.0554 6244 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 15:12:12.0570 6244 lmhosts - ok 15:12:12.0601 6244 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 15:12:12.0601 6244 LSI_FC - ok 15:12:12.0632 6244 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 15:12:12.0632 6244 LSI_SAS - ok 15:12:12.0664 6244 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 15:12:12.0664 6244 LSI_SAS2 - ok 15:12:12.0695 6244 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 15:12:12.0695 6244 LSI_SCSI - ok 15:12:12.0710 6244 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 15:12:12.0726 6244 luafv - ok 15:12:12.0773 6244 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys 15:12:12.0773 6244 mcdbus - ok 15:12:12.0804 6244 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 15:12:12.0804 6244 Mcx2Svc - ok 15:12:12.0820 6244 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 15:12:12.0835 6244 megasas - ok 15:12:12.0866 6244 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 15:12:12.0866 6244 MegaSR - ok 15:12:12.0944 6244 Microsoft SharePoint Workspace Audit Service - ok 15:12:12.0991 6244 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 15:12:12.0991 6244 MMCSS - ok 15:12:13.0007 6244 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 15:12:13.0022 6244 Modem - ok 15:12:13.0069 6244 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 15:12:13.0069 6244 monitor - ok 15:12:13.0100 6244 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 15:12:13.0100 6244 mouclass - ok 15:12:13.0132 6244 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 15:12:13.0132 6244 mouhid - ok 15:12:13.0163 6244 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 15:12:13.0163 6244 mountmgr - ok 15:12:13.0225 6244 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:12:13.0241 6244 MozillaMaintenance - ok 15:12:13.0256 6244 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 15:12:13.0272 6244 mpio - ok 15:12:13.0303 6244 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 15:12:13.0303 6244 mpsdrv - ok 15:12:13.0350 6244 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 15:12:13.0381 6244 MpsSvc - ok 15:12:13.0428 6244 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 15:12:13.0444 6244 MRxDAV - ok 15:12:13.0475 6244 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 15:12:13.0490 6244 mrxsmb - ok 15:12:13.0506 6244 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 15:12:13.0522 6244 mrxsmb10 - ok 15:12:13.0537 6244 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 15:12:13.0537 6244 mrxsmb20 - ok 15:12:13.0568 6244 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 15:12:13.0568 6244 msahci - ok 15:12:13.0600 6244 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 15:12:13.0600 6244 msdsm - ok 15:12:13.0631 6244 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 15:12:13.0646 6244 MSDTC - ok 15:12:13.0693 6244 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 15:12:13.0693 6244 Msfs - ok 15:12:13.0709 6244 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 15:12:13.0709 6244 mshidkmdf - ok 15:12:13.0740 6244 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 15:12:13.0740 6244 msisadrv - ok 15:12:13.0787 6244 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 15:12:13.0802 6244 MSiSCSI - ok 15:12:13.0802 6244 msiserver - ok 15:12:13.0865 6244 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 15:12:13.0865 6244 MSKSSRV - ok 15:12:13.0880 6244 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 15:12:13.0896 6244 MSPCLOCK - ok 15:12:13.0912 6244 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 15:12:13.0912 6244 MSPQM - ok 15:12:13.0953 6244 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 15:12:13.0963 6244 MsRPC - ok 15:12:13.0983 6244 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 15:12:13.0993 6244 mssmbios - ok 15:12:14.0003 6244 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 15:12:14.0013 6244 MSTEE - ok 15:12:14.0043 6244 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 15:12:14.0043 6244 MTConfig - ok 15:12:14.0083 6244 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 15:12:14.0083 6244 Mup - ok 15:12:14.0133 6244 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 15:12:14.0153 6244 napagent - ok 15:12:14.0213 6244 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 15:12:14.0223 6244 NativeWifiP - ok 15:12:14.0313 6244 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 15:12:14.0323 6244 NAUpdate - ok 15:12:14.0393 6244 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 15:12:14.0433 6244 NDIS - ok 15:12:14.0473 6244 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 15:12:14.0483 6244 NdisCap - ok 15:12:14.0513 6244 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 15:12:14.0513 6244 NdisTapi - ok 15:12:14.0543 6244 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 15:12:14.0553 6244 Ndisuio - ok 15:12:14.0573 6244 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 15:12:14.0583 6244 NdisWan - ok 15:12:14.0603 6244 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 15:12:14.0603 6244 NDProxy - ok 15:12:14.0683 6244 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 15:12:14.0693 6244 Net Driver HPZ12 - ok 15:12:14.0733 6244 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 15:12:14.0733 6244 NetBIOS - ok 15:12:14.0773 6244 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 15:12:14.0773 6244 NetBT - ok 15:12:14.0803 6244 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 15:12:14.0803 6244 Netlogon - ok 15:12:14.0853 6244 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 15:12:14.0863 6244 Netman - ok 15:12:14.0943 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:12:14.0953 6244 NetMsmqActivator - ok 15:12:14.0973 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:12:14.0983 6244 NetPipeActivator - ok 15:12:15.0023 6244 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 15:12:15.0043 6244 netprofm - ok 15:12:15.0053 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:12:15.0053 6244 NetTcpActivator - ok 15:12:15.0073 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:12:15.0083 6244 NetTcpPortSharing - ok 15:12:15.0113 6244 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 15:12:15.0123 6244 nfrd960 - ok 15:12:15.0173 6244 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 15:12:15.0183 6244 NlaSvc - ok 15:12:15.0203 6244 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 15:12:15.0213 6244 Npfs - ok 15:12:15.0233 6244 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 15:12:15.0243 6244 nsi - ok 15:12:15.0263 6244 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 15:12:15.0263 6244 nsiproxy - ok 15:12:15.0363 6244 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 15:12:15.0433 6244 Ntfs - ok 15:12:15.0463 6244 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 15:12:15.0463 6244 Null - ok 15:12:15.0503 6244 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 15:12:15.0513 6244 nvraid - ok 15:12:15.0533 6244 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 15:12:15.0543 6244 nvstor - ok 15:12:15.0553 6244 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 15:12:15.0563 6244 nv_agp - ok 15:12:15.0583 6244 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 15:12:15.0583 6244 ohci1394 - ok 15:12:15.0653 6244 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:12:15.0653 6244 ose - ok 15:12:15.0833 6244 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:12:15.0873 6244 osppsvc - ok 15:12:15.0933 6244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 15:12:15.0943 6244 p2pimsvc - ok 15:12:15.0973 6244 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 15:12:15.0993 6244 p2psvc - ok 15:12:16.0014 6244 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 15:12:16.0024 6244 Parport - ok 15:12:16.0054 6244 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 15:12:16.0054 6244 partmgr - ok 15:12:16.0084 6244 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 15:12:16.0094 6244 PcaSvc - ok 15:12:16.0194 6244 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms 15:12:16.0194 6244 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok 15:12:16.0234 6244 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 15:12:16.0244 6244 pci - ok 15:12:16.0264 6244 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 15:12:16.0274 6244 pciide - ok 15:12:16.0294 6244 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 15:12:16.0304 6244 pcmcia - ok 15:12:16.0334 6244 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 15:12:16.0334 6244 pcw - ok 15:12:16.0364 6244 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 15:12:16.0394 6244 PEAUTH - ok 15:12:16.0524 6244 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 15:12:16.0534 6244 PerfHost - ok 15:12:16.0624 6244 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 15:12:16.0674 6244 pla - ok 15:12:16.0724 6244 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 15:12:16.0744 6244 PlugPlay - ok 15:12:16.0814 6244 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 15:12:16.0824 6244 Pml Driver HPZ12 - ok 15:12:16.0854 6244 PnkBstrA - ok 15:12:16.0884 6244 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 15:12:16.0894 6244 PNRPAutoReg - ok 15:12:16.0934 6244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 15:12:16.0944 6244 PNRPsvc - ok 15:12:16.0984 6244 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 15:12:17.0004 6244 PolicyAgent - ok 15:12:17.0045 6244 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 15:12:17.0055 6244 Power - ok 15:12:17.0095 6244 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 15:12:17.0095 6244 PptpMiniport - ok 15:12:17.0125 6244 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 15:12:17.0125 6244 Processor - ok 15:12:17.0182 6244 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 15:12:17.0197 6244 ProfSvc - ok 15:12:17.0213 6244 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 15:12:17.0228 6244 ProtectedStorage - ok 15:12:17.0260 6244 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 15:12:17.0260 6244 Psched - ok 15:12:17.0322 6244 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys 15:12:17.0322 6244 PxHlpa64 - ok 15:12:17.0384 6244 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 15:12:17.0431 6244 ql2300 - ok 15:12:17.0447 6244 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 15:12:17.0462 6244 ql40xx - ok 15:12:17.0509 6244 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 15:12:17.0509 6244 QWAVE - ok 15:12:17.0525 6244 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 15:12:17.0525 6244 QWAVEdrv - ok 15:12:17.0681 6244 [ F98487B25828441B1C6488C642C2AC10 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys 15:12:17.0696 6244 RapportCerberus_43926 - ok 15:12:17.0743 6244 [ EAE1BB44F17EB3F439367AAC6B829D55 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys 15:12:17.0759 6244 RapportEI64 - ok 15:12:17.0790 6244 [ 428ABD0B5D771284F393356C6729074F ] RapportKE64 C:\windows\system32\Drivers\RapportKE64.sys 15:12:17.0790 6244 RapportKE64 - ok 15:12:17.0884 6244 [ 35468625105F5B10FCF43E5D58659924 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe 15:12:17.0899 6244 RapportMgmtService - ok 15:12:17.0962 6244 [ 4CCFCED21C81C0C1D2BE6CB3ABF8A217 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys 15:12:17.0977 6244 RapportPG64 - ok 15:12:18.0008 6244 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 15:12:18.0008 6244 RasAcd - ok 15:12:18.0040 6244 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 15:12:18.0040 6244 RasAgileVpn - ok 15:12:18.0071 6244 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 15:12:18.0086 6244 RasAuto - ok 15:12:18.0118 6244 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 15:12:18.0133 6244 Rasl2tp - ok 15:12:18.0164 6244 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 15:12:18.0196 6244 RasMan - ok 15:12:18.0211 6244 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 15:12:18.0211 6244 RasPppoe - ok 15:12:18.0242 6244 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 15:12:18.0242 6244 RasSstp - ok 15:12:18.0274 6244 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 15:12:18.0274 6244 rdbss - ok 15:12:18.0305 6244 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 15:12:18.0305 6244 rdpbus - ok 15:12:18.0320 6244 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 15:12:18.0336 6244 RDPCDD - ok 15:12:18.0352 6244 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 15:12:18.0367 6244 RDPENCDD - ok 15:12:18.0398 6244 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 15:12:18.0398 6244 RDPREFMP - ok 15:12:18.0445 6244 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 15:12:18.0445 6244 RDPWD - ok 15:12:18.0492 6244 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 15:12:18.0492 6244 rdyboost - ok 15:12:18.0523 6244 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 15:12:18.0539 6244 RemoteAccess - ok 15:12:18.0570 6244 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 15:12:18.0586 6244 RemoteRegistry - ok 15:12:18.0648 6244 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 15:12:18.0648 6244 RFCOMM - ok 15:12:18.0695 6244 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys 15:12:18.0695 6244 RimUsb - ok 15:12:18.0757 6244 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys 15:12:18.0757 6244 RimVSerPort - ok 15:12:18.0788 6244 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys 15:12:18.0788 6244 ROOTMODEM - ok 15:12:18.0898 6244 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 15:12:18.0929 6244 RoxMediaDB12OEM - ok 15:12:18.0976 6244 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 15:12:18.0991 6244 RoxWatch12 - ok 15:12:19.0022 6244 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 15:12:19.0038 6244 RpcEptMapper - ok 15:12:19.0069 6244 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 15:12:19.0085 6244 RpcLocator - ok 15:12:19.0132 6244 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll 15:12:19.0147 6244 RpcSs - ok 15:12:19.0163 6244 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 15:12:19.0178 6244 rspndr - ok 15:12:19.0245 6244 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys 15:12:19.0255 6244 RSUSBSTOR - ok 15:12:19.0285 6244 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 15:12:19.0305 6244 RTL8167 - ok 15:12:19.0325 6244 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 15:12:19.0325 6244 SamSs - ok 15:12:19.0355 6244 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 15:12:19.0365 6244 sbp2port - ok 15:12:19.0415 6244 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 15:12:19.0445 6244 SCardSvr - ok 15:12:19.0475 6244 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 15:12:19.0475 6244 scfilter - ok 15:12:19.0535 6244 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 15:12:19.0585 6244 Schedule - ok 15:12:19.0635 6244 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 15:12:19.0645 6244 SCPolicySvc - ok 15:12:19.0685 6244 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 15:12:19.0705 6244 SDRSVC - ok 15:12:19.0745 6244 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 15:12:19.0755 6244 secdrv - ok 15:12:19.0785 6244 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 15:12:19.0795 6244 seclogon - ok 15:12:19.0825 6244 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll 15:12:19.0835 6244 SENS - ok 15:12:19.0865 6244 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 15:12:19.0875 6244 SensrSvc - ok 15:12:19.0915 6244 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 15:12:19.0915 6244 Serenum - ok 15:12:19.0945 6244 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 15:12:19.0945 6244 Serial - ok 15:12:19.0955 6244 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 15:12:19.0965 6244 sermouse - ok 15:12:20.0055 6244 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 15:12:20.0055 6244 SessionEnv - ok 15:12:20.0071 6244 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 15:12:20.0071 6244 sffdisk - ok 15:12:20.0086 6244 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 15:12:20.0102 6244 sffp_mmc - ok 15:12:20.0118 6244 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 15:12:20.0133 6244 sffp_sd - ok 15:12:20.0149 6244 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 15:12:20.0149 6244 sfloppy - ok 15:12:20.0258 6244 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 15:12:20.0274 6244 SftService - ok 15:12:20.0336 6244 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 15:12:20.0352 6244 SharedAccess - ok 15:12:20.0383 6244 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 15:12:20.0398 6244 ShellHWDetection - ok 15:12:20.0430 6244 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 15:12:20.0430 6244 SiSRaid2 - ok 15:12:20.0461 6244 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 15:12:20.0461 6244 SiSRaid4 - ok 15:12:20.0523 6244 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:12:20.0523 6244 SkypeUpdate - ok 15:12:20.0554 6244 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 15:12:20.0554 6244 Smb - ok 15:12:20.0617 6244 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 15:12:20.0617 6244 SNMPTRAP - ok 15:12:20.0664 6244 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 15:12:20.0664 6244 spldr - ok 15:12:20.0726 6244 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 15:12:20.0742 6244 Spooler - ok 15:12:20.0882 6244 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 15:12:20.0976 6244 sppsvc - ok 15:12:21.0007 6244 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 15:12:21.0022 6244 sppuinotify - ok 15:12:21.0054 6244 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 15:12:21.0069 6244 srv - ok 15:12:21.0100 6244 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 15:12:21.0116 6244 srv2 - ok 15:12:21.0147 6244 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 15:12:21.0147 6244 srvnet - ok 15:12:21.0194 6244 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 15:12:21.0194 6244 SSDPSRV - ok 15:12:21.0225 6244 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 15:12:21.0241 6244 SstpSvc - ok 15:12:21.0350 6244 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 15:12:21.0366 6244 STacSV - ok 15:12:21.0397 6244 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 15:12:21.0397 6244 stexstor - ok 15:12:21.0459 6244 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys 15:12:21.0490 6244 STHDA - ok 15:12:21.0568 6244 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 15:12:21.0600 6244 stisvc - ok 15:12:21.0662 6244 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 15:12:21.0662 6244 stllssvr - ok 15:12:21.0693 6244 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 15:12:21.0693 6244 swenum - ok 15:12:21.0740 6244 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 15:12:21.0771 6244 swprv - ok 15:12:21.0834 6244 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 15:12:21.0912 6244 SysMain - ok 15:12:21.0958 6244 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 15:12:21.0974 6244 TabletInputService - ok 15:12:22.0021 6244 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 15:12:22.0052 6244 TapiSrv - ok 15:12:22.0083 6244 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 15:12:22.0083 6244 TBS - ok 15:12:22.0192 6244 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 15:12:22.0255 6244 Tcpip - ok 15:12:22.0317 6244 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 15:12:22.0348 6244 TCPIP6 - ok 15:12:22.0411 6244 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 15:12:22.0411 6244 tcpipreg - ok 15:12:22.0473 6244 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 15:12:22.0473 6244 TDPIPE - ok 15:12:22.0504 6244 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 15:12:22.0504 6244 TDTCP - ok 15:12:22.0551 6244 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 15:12:22.0551 6244 tdx - ok 15:12:22.0582 6244 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 15:12:22.0582 6244 TermDD - ok 15:12:22.0629 6244 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 15:12:22.0660 6244 TermService - ok 15:12:22.0676 6244 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 15:12:22.0692 6244 Themes - ok 15:12:22.0723 6244 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 15:12:22.0738 6244 THREADORDER - ok 15:12:22.0801 6244 [ E9CA6ED72EA9F56BD6E98C7042092A1C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 15:12:22.0801 6244 TomTomHOMEService - ok 15:12:22.0863 6244 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 15:12:22.0894 6244 TrkWks - ok 15:12:22.0957 6244 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 15:12:22.0957 6244 TrustedInstaller - ok 15:12:23.0004 6244 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 15:12:23.0004 6244 tssecsrv - ok 15:12:23.0035 6244 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 15:12:23.0035 6244 TsUsbFlt - ok 15:12:23.0066 6244 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 15:12:23.0066 6244 TsUsbGD - ok 15:12:23.0128 6244 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 15:12:23.0128 6244 tunnel - ok 15:12:23.0144 6244 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 15:12:23.0160 6244 uagp35 - ok 15:12:23.0175 6244 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 15:12:23.0191 6244 udfs - ok 15:12:23.0238 6244 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 15:12:23.0253 6244 UI0Detect - ok 15:12:23.0269 6244 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 15:12:23.0269 6244 uliagpkx - ok 15:12:23.0300 6244 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 15:12:23.0300 6244 umbus - ok 15:12:23.0316 6244 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 15:12:23.0316 6244 UmPass - ok 15:12:23.0347 6244 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 15:12:23.0362 6244 upnphost - ok 15:12:23.0425 6244 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 15:12:23.0425 6244 USBAAPL64 - ok 15:12:23.0472 6244 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 15:12:23.0472 6244 usbccgp - ok 15:12:23.0518 6244 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 15:12:23.0518 6244 usbcir - ok 15:12:23.0550 6244 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 15:12:23.0550 6244 usbehci - ok 15:12:23.0581 6244 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys 15:12:23.0596 6244 usbfilter - ok 15:12:23.0643 6244 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 15:12:23.0659 6244 usbhub - ok 15:12:23.0690 6244 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys 15:12:23.0690 6244 usbohci - ok 15:12:23.0721 6244 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 15:12:23.0737 6244 usbprint - ok 15:12:23.0768 6244 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 15:12:23.0768 6244 usbscan - ok 15:12:23.0815 6244 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 15:12:23.0830 6244 USBSTOR - ok 15:12:23.0846 6244 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 15:12:23.0846 6244 usbuhci - ok 15:12:23.0893 6244 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 15:12:23.0893 6244 usbvideo - ok 15:12:23.0924 6244 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 15:12:23.0940 6244 UxSms - ok 15:12:23.0971 6244 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 15:12:23.0986 6244 VaultSvc - ok 15:12:24.0002 6244 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 15:12:24.0018 6244 vdrvroot - ok 15:12:24.0033 6244 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 15:12:24.0080 6244 vds - ok 15:12:24.0111 6244 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 15:12:24.0111 6244 vga - ok 15:12:24.0158 6244 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 15:12:24.0158 6244 VgaSave - ok 15:12:24.0189 6244 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 15:12:24.0189 6244 vhdmp - ok 15:12:24.0205 6244 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 15:12:24.0205 6244 viaide - ok 15:12:24.0220 6244 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 15:12:24.0236 6244 volmgr - ok 15:12:24.0283 6244 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 15:12:24.0298 6244 volmgrx - ok 15:12:24.0345 6244 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 15:12:24.0345 6244 volsnap - ok 15:12:24.0376 6244 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 15:12:24.0376 6244 vsmraid - ok 15:12:24.0454 6244 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 15:12:24.0486 6244 VSS - ok 15:12:24.0532 6244 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 15:12:24.0532 6244 vwifibus - ok 15:12:24.0564 6244 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 15:12:24.0564 6244 vwififlt - ok 15:12:24.0595 6244 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 15:12:24.0626 6244 W32Time - ok 15:12:24.0657 6244 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 15:12:24.0657 6244 WacomPen - ok 15:12:24.0688 6244 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 15:12:24.0704 6244 WANARP - ok 15:12:24.0704 6244 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 15:12:24.0720 6244 Wanarpv6 - ok 15:12:24.0829 6244 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 15:12:24.0876 6244 WatAdminSvc - ok 15:12:24.0954 6244 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 15:12:25.0047 6244 wbengine - ok 15:12:25.0063 6244 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 15:12:25.0078 6244 WbioSrvc - ok 15:12:25.0094 6244 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 15:12:25.0110 6244 wcncsvc - ok 15:12:25.0141 6244 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 15:12:25.0141 6244 WcsPlugInService - ok 15:12:25.0172 6244 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 15:12:25.0172 6244 Wd - ok 15:12:25.0234 6244 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 15:12:25.0266 6244 Wdf01000 - ok 15:12:25.0281 6244 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 15:12:25.0297 6244 WdiServiceHost - ok 15:12:25.0312 6244 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 15:12:25.0328 6244 WdiSystemHost - ok 15:12:25.0344 6244 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 15:12:25.0375 6244 WebClient - ok 15:12:25.0406 6244 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 15:12:25.0422 6244 Wecsvc - ok 15:12:25.0437 6244 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 15:12:25.0453 6244 wercplsupport - ok 15:12:25.0500 6244 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 15:12:25.0515 6244 WerSvc - ok 15:12:25.0546 6244 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 15:12:25.0546 6244 WfpLwf - ok 15:12:25.0593 6244 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys 15:12:25.0593 6244 WimFltr - ok 15:12:25.0624 6244 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 15:12:25.0624 6244 WIMMount - ok 15:12:25.0656 6244 WinDefend - ok 15:12:25.0687 6244 WinHttpAutoProxySvc - ok 15:12:25.0749 6244 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 15:12:25.0765 6244 Winmgmt - ok 15:12:25.0858 6244 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 15:12:25.0952 6244 WinRM - ok 15:12:26.0014 6244 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 15:12:26.0014 6244 WinUsb - ok 15:12:26.0077 6244 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 15:12:26.0108 6244 Wlansvc - ok 15:12:26.0156 6244 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 15:12:26.0156 6244 wlcrasvc - ok 15:12:26.0327 6244 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:12:26.0343 6244 wlidsvc - ok 15:12:26.0421 6244 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 15:12:26.0437 6244 WmiAcpi - ok 15:12:26.0515 6244 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 15:12:26.0530 6244 wmiApSrv - ok 15:12:26.0561 6244 WMPNetworkSvc - ok 15:12:26.0593 6244 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 15:12:26.0593 6244 WPCSvc - ok 15:12:26.0624 6244 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 15:12:26.0639 6244 WPDBusEnum - ok 15:12:26.0671 6244 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 15:12:26.0671 6244 ws2ifsl - ok 15:12:26.0702 6244 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll 15:12:26.0702 6244 wscsvc - ok 15:12:26.0717 6244 WSearch - ok 15:12:26.0842 6244 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 15:12:26.0920 6244 wuauserv - ok 15:12:26.0983 6244 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 15:12:26.0983 6244 WudfPf - ok 15:12:27.0076 6244 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 15:12:27.0076 6244 WUDFRd - ok 15:12:27.0123 6244 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 15:12:27.0155 6244 wudfsvc - ok 15:12:27.0202 6244 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 15:12:27.0218 6244 WwanSvc - ok 15:12:27.0264 6244 ================ Scan global =============================== 15:12:27.0280 6244 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 15:12:27.0342 6244 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 15:12:27.0358 6244 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 15:12:27.0389 6244 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 15:12:27.0420 6244 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 15:12:27.0452 6244 [Global] - ok 15:12:27.0452 6244 ================ Scan MBR ================================== 15:12:27.0467 6244 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:12:27.0857 6244 \Device\Harddisk0\DR0 - ok 15:12:27.0857 6244 ================ Scan VBR ================================== 15:12:27.0857 6244 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1 15:12:27.0857 6244 \Device\Harddisk0\DR0\Partition1 - ok 15:12:27.0920 6244 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2 15:12:27.0920 6244 \Device\Harddisk0\DR0\Partition2 - ok 15:12:27.0920 6244 ============================================================ 15:12:27.0920 6244 Scan finished 15:12:27.0920 6244 ============================================================ 15:12:27.0951 5072 Detected object count: 0 15:12:27.0951 5072 Actual detected object count: 0 15:12:47.0434 6588 Deinitialize success -
Adverts pop up in new tab (all logs provided)
ccfc1987 replied to ccfc1987's topic in Resolved Malware Removal Logs
C:\AdwCleaner[R1].txt # AdwCleaner v2.105 - Logfile created 01/11/2013 at 15:09:53 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Conor - CONOR-PC # Boot Mode : Normal # Running from : C:\Users\Conor\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\END Folder Found : C:\Program Files (x86)\1ClickDownload Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Users\Conor\AppData\Local\Conduit Folder Found : C:\Users\Conor\AppData\LocalLow\Conduit Folder Found : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\staged ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\SweetIM Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS Key Found : HKLM\Software\SweetIM Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0 (en-US) File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6PQFeVAurz&loc=FF_NT"); File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\prefs.js Found : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Found : user_pref("extensions.50d46eaa398b6.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...] -\\ Google Chrome v23.0.1271.97 File : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2215 octets] - [11/01/2013 15:09:53] AdwCleaner[s1].txt - [5083 octets] - [13/10/2012 13:19:54] ########## EOF - C:\AdwCleaner[R1].txt - [2335 octets] ########## -
Hi all I am infected... again Basically I could be browsing normally and all of a sudded without clicking adverts open up in a new tab. Very strange! I did a bit of research and I cannot remember the name of the virus (it is stated in the address bar in the new tab before redirecting to another thing) I also notice my PC running much slower than usual... Malwarebytes scan detected nothing. Please help me! All logs attaced (also attached a ComboFix log) Thanks in advance DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2 Run by Conor at 13:38:09 on 2013-01-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1420 [GMT 0:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe C:\windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k LocalService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe C:\windows\SysWOW64\svchost.exe -k hpdevmgmt C:\windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\windows\system32\atieclxx.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe C:\windows\system32\taskeng.exe C:\Program Files\Dell Support Center\uaclauncher.exe C:\Program Files\CCleaner\CCleaner64.exe C:\windows\servicing\TrustedInstaller.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned> BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Control Center] C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe -mini mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" -controlservice -slave StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 uPolicies-Explorer: RestrictRun = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: RestrictRun = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : DHCPNameServer = 10.14.72.10 10.11.73.10 143.52.2.91 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D27455543545 : DHCPNameServer = 10.14.72.10 10.11.73.10 143.52.2.91 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\35B4953383737373 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\4514C4B44514C4B4D2145423641403 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= C:\windows\SysWOW64\guard32.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 216.239.32.20 www.google.ae # bck9 Hosts: 216.239.32.20 www.google.at # bck9 Hosts: 216.239.32.20 www.google.be # bck9 Hosts: 216.239.32.20 www.google.ca # bck9 Hosts: 216.239.32.20 www.google.ch # bck9 . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\ FF - prefs.js: browser.startup.homepage - http:\\\\www.google.co.uk FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Conor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll FF - ExtSQL: 2012-12-21 13:56; 50d46eaa39804@50d46eaa3983d.com; C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\50d46eaa39804@50d46eaa3983d.com.xpi FF - ExtSQL: !HIDDEN! 2012-09-24 21:07; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-11-27 79488] R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-11-27 40064] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-27 55856] R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2012-7-5 101688] R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-5-3 984144] R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-5-3 370288] R1 bckd;bckd;C:\windows\System32\drivers\bckd.sys [2012-2-13 108304] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdGuard.sys [2012-10-5 584056] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2012-10-5 38144] R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-4 505720] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-12-23 55096] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-12-23 297240] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-27 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-11-27 204288] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-6 365568] R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-5-3 25232] R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-5-3 71600] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-20 44808] R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000] R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-12-19 70352] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-12-19 1868432] R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-11-26 1851088] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-12-23 976728] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-27 1692480] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632] R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2011-11-27 46136] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-11-27 114704] R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-11-27 349736] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-11-27 39464] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-27 176096] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-11-27 533096] R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-11-27 44672] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-16 1431888] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-27 250984] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-14 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== File Associations =============== . FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1" . =============== Created Last 30 ================ . 2013-01-11 13:35:11 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB314319-DACE-45D8-9210-F93E5018246C}\mpengine.dll 2013-01-10 22:53:17 -------- d-----w- C:\Users\Conor\AppData\Roaming\GetRightToGo 2013-01-10 19:17:57 -------- d-----w- C:\Users\Conor\AppData\Local\Programs 2013-01-09 18:37:49 750592 ----a-w- C:\windows\System32\win32spl.dll 2013-01-09 18:37:49 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-09 18:37:47 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-01-09 18:37:47 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-01-09 18:37:44 2002432 ----a-w- C:\windows\System32\msxml6.dll 2013-01-09 18:37:43 1882624 ----a-w- C:\windows\System32\msxml3.dll 2013-01-09 18:37:42 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2013-01-09 18:37:42 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2013-01-09 18:37:08 800768 ----a-w- C:\windows\System32\usp10.dll 2013-01-09 18:37:08 626688 ----a-w- C:\windows\SysWow64\usp10.dll 2013-01-09 18:34:21 424448 ----a-w- C:\windows\System32\KernelBase.dll 2013-01-09 18:33:15 68608 ----a-w- C:\windows\System32\taskhost.exe 2013-01-09 18:33:13 3149824 ----a-w- C:\windows\System32\win32k.sys 2013-01-08 06:01:23 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo 2013-01-07 21:49:36 -------- d-----w- C:\Program Files\Blue Coat K9 Web Protection 2012-12-23 10:26:22 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-23 10:26:22 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-23 10:26:16 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-23 10:26:14 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-17 18:48:05 54024 ----a-w- C:\windows\System32\certsentry.dll 2012-12-17 18:48:05 45832 ----a-w- C:\windows\SysWow64\certsentry.dll 2012-12-12 22:46:48 -------- d-----w- C:\Users\Conor\New folder 2012-12-12 22:46:32 -------- d-----w- C:\Users\Conor\Blackberry Back Up (December 2012) 2012-12-12 19:24:30 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-12-12 19:24:30 2048 ----a-w- C:\windows\System32\tzres.dll 2012-12-12 19:18:43 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-12-12 19:18:43 376832 ----a-w- C:\windows\SysWow64\dpnet.dll . ==================== Find3M ==================== . 2013-01-11 03:50:32 151552 ----a-w- C:\windows\KMSEmulator.exe 2013-01-08 19:12:42 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 19:12:42 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-12-23 22:13:34 101688 ----a-w- C:\windows\System32\drivers\RapportKE64.sys 2012-12-19 21:01:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr 2012-12-19 21:01:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.exe 2012-12-18 19:58:21 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0 2012-12-14 16:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs 2012-12-04 08:41:28 37976 ----a-w- C:\windows\SysWow64\drivers\CFRMD.sys 2012-12-04 08:41:28 37976 ----a-w- C:\windows\inf\CFRMD\cfrmd.sys 2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-22 21:16:56 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe 2012-11-22 21:16:43 840264 ----a-w- C:\windows\SysWow64\pbsvc.exe 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-07 23:38:00 38144 ----a-w- C:\windows\System32\drivers\cmdhlp.sys 2012-11-07 23:37:59 584056 ----a-w- C:\windows\System32\drivers\cmdGuard.sys 2012-11-07 23:37:57 22736 ----a-w- C:\windows\System32\drivers\cmderd.sys 2012-11-07 23:37:36 41240 ----a-w- C:\windows\System32\cmdcsr.dll 2012-11-07 23:37:34 301264 ----a-w- C:\windows\SysWow64\guard32.dll 2012-11-07 23:37:31 390392 ----a-w- C:\windows\System32\guard64.dll 2012-10-30 22:51:55 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2012-10-30 22:51:55 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2012-10-30 22:51:07 41224 ----a-w- C:\windows\avastSS.scr 2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll 2012-10-15 16:59:28 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2012-10-14 19:43:48 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-14 19:43:47 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll . ============= FINISH: 13:42:06.76 =============== ComboFix 13-01-11.01 - Conor 11/01/2013 13:54:37.7.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1678 [GMT 0:00] Running from: C:\Users\Conor\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\ProgramData\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\db33b903-f6ef-4bdd-adf8-db57372a45ec.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll C:\ProgramData\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll ((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 ))))))))))))))))))))))))))))))) 2013-01-11 14:17:17 . 2013-01-11 14:17:17 -------- d-----w- C:\Users\Public\AppData\Local\temp 2013-01-11 14:17:17 . 2013-01-11 14:17:17 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-01-11 13:43:32 . 2013-01-11 13:43:32 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB314319-DACE-45D8-9210-F93E5018246C}\offreg.dll 2013-01-11 13:35:11 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB314319-DACE-45D8-9210-F93E5018246C}\mpengine.dll 2013-01-10 22:53:17 . 2013-01-10 22:55:22 -------- d-----w- C:\Users\Conor\AppData\Roaming\GetRightToGo 2013-01-10 19:17:57 . 2013-01-10 19:17:57 -------- d-----w- C:\Users\Conor\AppData\Local\Programs 2013-01-09 18:37:49 . 2012-11-09 05:45:32 750592 ----a-w- C:\windows\system32\win32spl.dll 2013-01-09 18:37:49 . 2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-09 18:37:47 . 2012-11-20 05:48:49 307200 ----a-w- C:\windows\system32\ncrypt.dll 2013-01-09 18:37:47 . 2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-01-09 18:37:44 . 2012-11-01 05:43:42 2002432 ----a-w- C:\windows\system32\msxml6.dll 2013-01-09 18:37:43 . 2012-11-01 05:43:42 1882624 ----a-w- C:\windows\system32\msxml3.dll 2013-01-09 18:37:42 . 2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2013-01-09 18:37:42 . 2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2013-01-09 18:37:08 . 2012-11-22 05:44:23 800768 ----a-w- C:\windows\system32\usp10.dll 2013-01-09 18:37:08 . 2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll 2013-01-09 18:34:21 . 2012-11-30 05:41:07 424448 ----a-w- C:\windows\system32\KernelBase.dll 2013-01-09 18:33:15 . 2012-11-23 03:13:57 68608 ----a-w- C:\windows\system32\taskhost.exe 2013-01-09 18:33:13 . 2012-11-23 03:26:31 3149824 ----a-w- C:\windows\system32\win32k.sys 2013-01-08 06:01:23 . 2013-01-08 06:01:24 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo 2013-01-07 21:49:36 . 2013-01-09 19:15:25 -------- d-----w- C:\Program Files\Blue Coat K9 Web Protection 2012-12-23 10:26:22 . 2012-12-16 17:11:22 46080 ----a-w- C:\windows\system32\atmlib.dll 2012-12-23 10:26:22 . 2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-23 10:26:16 . 2012-12-16 14:45:03 367616 ----a-w- C:\windows\system32\atmfd.dll 2012-12-23 10:26:14 . 2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-17 18:48:05 . 2012-12-30 06:05:29 54024 ----a-w- C:\windows\system32\certsentry.dll 2012-12-17 18:48:05 . 2012-12-30 06:05:29 45832 ----a-w- C:\windows\SysWow64\certsentry.dll 2012-12-12 22:46:48 . 2012-12-19 20:55:28 -------- d-----w- C:\Users\Conor\New folder 2012-12-12 22:46:32 . 2012-12-12 22:46:32 -------- d-----w- C:\Users\Conor\Blackberry Back Up (December 2012) 2012-12-12 19:24:30 . 2012-11-09 05:45:09 2048 ----a-w- C:\windows\system32\tzres.dll 2012-12-12 19:24:30 . 2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-12-12 19:18:43 . 2012-11-02 05:59:11 478208 ----a-w- C:\windows\system32\dpnet.dll 2012-12-12 19:18:43 . 2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-01-11 03:50:32 . 2012-10-16 20:31:33 151552 ----a-w- C:\windows\KMSEmulator.exe 2013-01-11 03:14:14 . 2012-08-01 22:05:00 67599240 ----a-w- C:\windows\system32\MRT.exe 2013-01-08 19:12:42 . 2012-08-19 21:03:11 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 19:12:42 . 2012-08-19 21:03:11 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-12-23 22:13:34 . 2012-07-05 11:05:08 101688 ----a-w- C:\windows\system32\drivers\RapportKE64.sys 2012-12-19 21:01:57 . 2012-11-22 21:32:29 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr 2012-12-19 21:01:57 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.exe 2012-12-18 19:58:21 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0 2012-12-14 16:49:28 . 2012-05-03 13:03:09 24176 ----a-w- C:\windows\system32\drivers\mbam.sys 2012-12-11 21:52:17 . 2012-12-11 21:52:17 53248 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{38676C9C-270F-43D1-926A-E45DE8820A6B}\ARPPRODUCTICON.exe 2012-12-04 08:41:28 . 2012-12-04 08:41:28 37976 ----a-w- C:\windows\SysWow64\drivers\CFRMD.sys 2012-12-04 08:41:28 . 2012-12-04 08:41:28 37976 ----a-w- C:\windows\inf\CFRMD\cfrmd.sys 2012-11-30 04:45:10 . 2013-01-09 18:34:17 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2012-11-22 21:16:56 . 2012-11-22 21:16:56 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe 2012-11-22 21:16:43 . 2012-11-22 21:16:55 840264 ----a-w- C:\windows\SysWow64\pbsvc.exe 2012-11-07 23:38:01 . 2012-10-05 00:32:42 94288 ----a-w- C:\windows\system32\drivers\inspect.sys 2012-11-07 23:38:00 . 2012-10-05 00:32:40 38144 ----a-w- C:\windows\system32\drivers\cmdhlp.sys 2012-11-07 23:37:59 . 2012-10-05 00:32:40 584056 ----a-w- C:\windows\system32\drivers\cmdGuard.sys 2012-11-07 23:37:57 . 2012-10-05 00:32:38 22736 ----a-w- C:\windows\system32\drivers\cmderd.sys 2012-11-07 23:37:36 . 2012-10-05 00:32:16 41240 ----a-w- C:\windows\system32\cmdcsr.dll 2012-11-07 23:37:34 . 2012-10-05 00:32:12 301264 ----a-w- C:\windows\SysWow64\guard32.dll 2012-11-07 23:37:31 . 2012-10-05 00:32:10 390392 ----a-w- C:\windows\system32\guard64.dll 2012-10-30 22:51:56 . 2012-05-03 13:07:32 59728 ----a-w- C:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51:55 . 2012-05-03 13:07:34 370288 ----a-w- C:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51:55 . 2012-05-03 13:07:32 984144 ----a-w- C:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51:55 . 2012-05-03 13:07:31 71600 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51:53 . 2012-05-03 13:07:34 25232 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51:07 . 2012-05-03 13:06:30 41224 ----a-w- C:\windows\avastSS.scr 2012-10-30 22:50:59 . 2012-05-03 13:06:28 227648 ----a-w- C:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50:30 . 2012-05-03 13:07:31 285328 ----a-w- C:\windows\system32\aswBoot.exe 2012-10-16 08:38:37 . 2012-11-27 19:44:47 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 . 2012-11-27 19:44:47 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 . 2012-11-27 19:44:47 561664 ----a-w- C:\windows\apppatch\AcLayers.dll 2012-10-15 16:59:28 . 2012-05-03 13:07:32 54072 ----a-w- C:\windows\system32\drivers\aswRdr2.sys 2012-10-14 19:43:48 . 2012-10-14 19:44:07 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-14 19:43:47 . 2011-11-27 21:40:47 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll attach.txt
-
8 found threats C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application C:\_OTL\MovedFiles\08212012_223005\c_program files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle application
-
MBAM Log: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.13.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Conor :: CONOR-PC [administrator] 14/10/2012 20:46:40 mbam-log-2012-10-14 (20-46-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 211693 Time elapsed: 6 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) HJT Log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:53:55, on 14/10/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe C:\Users\Conor\Desktop\HijackThis.exe C:\windows\SysWOW64\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Control Center] C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe -mini O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\..\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\windows\SysWOW64\guard32.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14140 bytes Again going good also installed Comodo.
-
ComboFix 12-10-14.03 - Conor 14/10/2012 19:18:42.6.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2353 [GMT 1:00] Running from: C:\Users\Conor\Desktop\ComboFix.exe Command switches used :: C:\Users\Conor\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))) 2012-10-14 18:36:45 . 2012-10-14 18:36:45 -------- d-----w- C:\Users\Public\AppData\Local\temp 2012-10-14 18:36:45 . 2012-10-14 18:36:45 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-10-13 11:19:27 . 2012-10-13 11:19:28 388096 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-10-13 09:44:59 . 2012-08-20 18:38:31 5120 ---ha-w- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-10-13 09:43:54 . 2012-08-11 00:56:03 715776 ----a-w- C:\windows\system32\kerberos.dll 2012-10-13 09:43:54 . 2012-08-10 23:56:14 542208 ----a-w- C:\windows\SysWow64\kerberos.dll 2012-10-13 09:43:41 . 2012-06-02 05:41:27 1464320 ----a-w- C:\windows\system32\crypt32.dll 2012-10-13 09:43:40 . 2012-06-02 05:41:28 184320 ----a-w- C:\windows\system32\cryptsvc.dll 2012-10-13 09:43:40 . 2012-06-02 05:41:28 140288 ----a-w- C:\windows\system32\cryptnet.dll 2012-10-13 09:43:40 . 2012-06-02 04:36:29 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2012-10-13 09:43:40 . 2012-06-02 04:36:29 1159680 ----a-w- C:\windows\SysWow64\crypt32.dll 2012-10-13 09:43:40 . 2012-06-02 04:36:29 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2012-10-12 12:40:36 . 2012-08-30 07:27:02 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC241DF6-9D2C-4E64-9E6A-CD2F1B758554}\mpengine.dll 2012-10-09 18:16:42 . 2012-10-09 18:16:42 -------- d-----w- C:\Program Files (x86)\TRENDnet 2012-10-09 18:06:00 . 2012-10-09 18:06:00 -------- d-----w- C:\Users\Conor\AppData\Roaming\HP 2012-09-25 19:37:35 . 2012-08-21 21:01:00 245760 ----a-w- C:\windows\system32\OxpsConverter.exe 2012-09-24 20:17:31 . 2012-09-24 20:17:31 -------- d-----w- C:\ProgramData\Hewlett-Packard 2012-09-24 20:17:19 . 2009-07-14 01:41:04 230400 ----a-w- C:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll 2012-09-24 20:13:02 . 2012-09-24 20:13:02 -------- d-----w- C:\ProgramData\Auslogics 2012-09-24 19:36:07 . 2012-09-24 19:36:07 -------- d-----w- C:\ProgramData\HP Product Assistant 2012-09-24 19:31:14 . 2012-09-24 19:31:14 -------- d-----w- C:\Program Files (x86)\Common Files\HP 2012-09-24 19:30:29 . 2012-09-24 19:30:29 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard 2012-09-24 19:29:10 . 2012-09-24 19:36:54 -------- d-----w- C:\Program Files (x86)\HP 2012-09-24 19:24:47 . 2012-09-24 20:21:04 -------- d-----w- C:\ProgramData\HP 2012-09-24 18:31:56 . 2009-07-08 10:51:17 642360 ----a-w- C:\windows\system32\hpzids40.dll 2012-09-24 18:31:56 . 2009-07-08 10:51:17 540672 ----a-w- C:\windows\system32\hppldcoi.dll 2012-09-24 18:31:55 . 2009-07-08 10:51:17 859136 ----a-w- C:\windows\system32\hpowiax4.dll 2012-09-24 18:31:55 . 2009-07-08 10:51:17 488960 ----a-w- C:\windows\system32\hpovst11.dll 2012-09-24 18:31:54 . 2009-07-08 10:51:17 1295360 ----a-w- C:\windows\system32\hpotiop4.dll 2012-09-23 13:45:10 . 2012-09-23 13:45:10 -------- d-----w- C:\Program Files (x86)\Gophoto.it 2012-09-22 22:28:59 . 2012-08-24 10:17:58 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll 2012-09-16 16:32:15 . 2012-09-16 16:42:52 -------- d-----w- C:\ProgramData\FLEXnet 2012-09-16 16:19:44 . 2012-09-16 16:19:44 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared 2012-09-16 16:13:42 . 2012-09-16 17:12:27 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared 2012-09-16 16:13:42 . 2012-09-16 16:13:42 -------- d-----w- C:\Users\Conor\AppData\Local\Autodesk 2012-09-16 16:08:17 . 2012-09-16 17:10:32 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared 2012-09-16 16:07:53 . 2009-09-04 16:29:22 2582888 ----a-w- C:\windows\system32\D3DCompiler_42.dll 2012-09-16 16:07:50 . 2009-09-04 16:29:34 235344 ----a-w- C:\windows\SysWow64\d3dx11_42.dll 2012-09-16 16:07:50 . 2009-09-04 16:29:24 285024 ----a-w- C:\windows\system32\d3dx11_42.dll 2012-09-16 16:07:47 . 2009-09-04 16:29:20 2475352 ----a-w- C:\windows\system32\D3DX9_42.dll 2012-09-16 13:42:49 . 2012-09-16 17:10:37 -------- d-----w- C:\Users\Conor\AppData\Roaming\Autodesk 2012-09-16 13:42:48 . 2012-09-16 17:12:59 -------- d-----w- C:\ProgramData\Autodesk 2012-09-16 13:33:13 . 2012-09-16 15:52:19 -------- d-----w- C:\Autodesk 2012-09-16 11:46:15 . 2009-02-24 17:35:44 255552 ----a-w- C:\windows\SysWow64\drivers\mcdbus.sys 2012-09-16 11:46:13 . 2012-09-16 11:46:23 -------- d-----w- C:\Program Files (x86)\MagicDisc 2012-09-15 10:37:45 . 2012-10-14 10:59:52 151552 ----a-w- C:\windows\KMSEmulator.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-10-13 10:33:53 . 2012-08-01 22:05:00 65309168 ----a-w- C:\windows\system32\MRT.exe 2012-10-08 21:11:43 . 2012-08-19 21:03:11 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-08 21:11:43 . 2012-08-19 21:03:11 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-09-22 15:34:44 . 2012-07-05 11:05:08 101688 ----a-w- C:\windows\system32\drivers\RapportKE64.sys 2012-09-09 10:53:37 . 2012-09-09 10:53:48 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-09 10:53:33 . 2012-05-18 15:10:16 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2012-09-09 10:53:33 . 2011-11-27 21:40:47 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-09-07 16:04:46 . 2012-05-03 13:03:09 25928 ----a-w- C:\windows\system32\drivers\mbam.sys 2012-08-22 18:12:50 . 2012-09-12 19:40:50 1913200 ----a-w- C:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12:40 . 2012-09-12 19:41:08 950128 ----a-w- C:\windows\system32\drivers\ndis.sys 2012-08-22 18:12:40 . 2012-09-12 19:40:49 376688 ----a-w- C:\windows\system32\drivers\netio.sys 2012-08-22 18:12:33 . 2012-09-12 19:40:49 288624 ----a-w- C:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 09:13:13 . 2012-05-03 13:07:34 359464 ----a-w- C:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13:13 . 2012-05-03 13:07:32 969200 ----a-w- C:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13:13 . 2012-05-03 13:07:32 59728 ----a-w- C:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13:12 . 2012-05-03 13:07:32 54072 ----a-w- C:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13:12 . 2012-05-03 13:07:31 71600 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13:11 . 2012-05-03 13:07:34 25232 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:12:33 . 2012-05-03 13:06:30 41224 ----a-w- C:\windows\avastSS.scr 2012-08-21 09:12:23 . 2012-05-03 13:06:28 227648 ----a-w- C:\windows\SysWow64\aswBoot.exe 2012-08-21 09:12:02 . 2012-05-03 13:07:31 285328 ----a-w- C:\windows\system32\aswBoot.exe 2012-08-20 17:38:44 . 2012-10-13 09:45:03 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2012-08-19 20:44:18 . 2012-08-19 20:44:43 108008 ----a-w- C:\windows\system32\WindowsAccessBridge-64.dll 2012-08-19 20:44:08 . 2012-08-19 20:45:21 289768 ----a-w- C:\windows\system32\javaws.exe 2012-08-19 20:44:08 . 2012-08-19 20:44:43 189416 ----a-w- C:\windows\system32\javaw.exe 2012-08-19 20:44:07 . 2012-08-19 20:44:43 188904 ----a-w- C:\windows\system32\java.exe 2012-08-19 20:44:05 . 2012-08-19 20:45:21 1034216 ----a-w- C:\windows\system32\npDeployJava1.dll 2012-08-19 20:44:05 . 2011-11-27 21:40:28 916456 ----a-w- C:\windows\system32\deployJava1.dll 2012-08-02 17:58:52 . 2012-09-12 19:40:59 574464 ----a-w- C:\windows\system32\d3d10level9.dll 2012-08-02 16:57:20 . 2012-09-12 19:40:58 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2012-08-01 14:18:23 . 2012-08-01 14:18:23 203576 ----a-w- C:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18:22 . 2012-08-01 14:18:22 124688 ----a-w- C:\windows\SysWow64\mswinsck.ocx 2012-07-18 18:15:06 . 2012-08-15 15:52:07 3148800 ----a-w- C:\windows\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 11:06:06 932528] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 16:39:14 503942] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 06:58:58 336384] "RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 11:33:58 240112] "Desktop Disc Tool"="c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 16:35:34 514544] "NeroLauncher"="C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 17:26:08 66872] "AccuWeatherWidget"="C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 00:18:16 885760] "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 17:22:24 91520] "RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 01:00:44 90448] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 19:06:18 59280] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-08-21 09:12:26 4282728] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 19:05:34 421736] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 08:04:54 252848] "Control Center"="C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe" [2007-11-02 10:04:10 2477568] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07:37 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 11:34:18 219632] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 12:28:36 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 21:11:44 250808] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-16 16:19:44 1431888] R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072] R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07:37 136176] R3 KUSBusByTCP;KUSBusByTCP;C:\windows\system32\Drivers\KUSBusByTCP.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 17:51:12 30963576] R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 01:05:59 115168] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 21:26:48 25584] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 11:33:18 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 00:11:42 250984] R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232] R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 11:01:50 52736] R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 17:18:31 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184] S0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 22:08:24 79488] S0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 22:08:26 40064] S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 09:00:00 55856] S0 RapportKE64;RapportKE64;C:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 15:34:44 101688] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-04 20:18:01 505720] S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 15:34:44 55096] S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 15:34:42 297240] S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 10:42:58 89600] S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2011-08-06 07:44:20 204288] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 07:14:06 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 09:13:12 71600] S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 15:32:36 687400] S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 15:34:24 976728] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 15:05:46 1692480] S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 04:01:58 92632] S3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 15:18:24 46136] S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys [2011-08-06 11:33:18 9361408] S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys [2011-08-06 07:01:50 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys [2011-03-30 22:46:46 114704] S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 22:39:50 349736] S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 22:39:52 39464] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 17:20:46 176096] S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\KUSBusByTCPMasterBus.sys [x] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:34:24 4925184] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 06:55:28 533096] S3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 12:50:38 44672] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Contents of the 'Scheduled Tasks' folder 2012-10-14 C:\windows\Tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 21:03:12 . 2012-10-08 21:11:44] 2012-10-14 C:\windows\Tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41:58 . 2012-09-15 10:41:58] 2012-10-14 C:\windows\Tasks\AutoKMSDaily.job - C:\Windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41:58 . 2012-09-15 10:41:58] 2012-10-14 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:08:00 . 2012-05-03 13:07:37] 2012-10-14 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:08:00 . 2012-05-03 13:07:37] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11:57 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2011-03-29 20:50:34 608112] "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2011-05-27 19:06:16 1128448] "Stage Remote"="C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 01:26:30 2022976] ------- Supplementary Scan ------- uStart Page = hxxp://www.google.com uLocal Page = C:\windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\ FF - ExtSQL: 2012-09-02 10:51; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2012-09-24 21:07; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - ExtSQL: !HIDDEN! 2012-09-24 21:07; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 - - - - ORPHANS REMOVED - - - - AddRemove-WT089446 - C:\Program Files (x86)\WildTangent\Dell Games\Wedding Dash - Ready Seems to be running fine now I used to have Comodo Firewall but I wasn't the biggest fan of it. Is there anymore free ones you can reccomend? If not I'll go back to Comodo
-
Seems to have done the trick thanks a bunch! Can you confirm that my PC is clear? Also can you reccomend a food freeware firewall please? I dont trust Windows Firewall anymore.
-
I have done that, it still crashes though anything else I can try? Maybe look deeper into the system?
-
ComboFix 12-10-12.01 - Conor 13/10/2012 16:07:48.5.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2203 [GMT 1:00] Running from: c:\users\Conor\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 ))))))))))))))))))))))))))))))) . . 2012-10-13 15:25 . 2012-10-13 15:25 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-13 15:25 . 2012-10-13 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-13 11:19 . 2012-10-13 11:19 388096 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-10-13 09:44 . 2012-08-20 18:38 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-10-13 09:43 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-13 09:43 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-13 09:43 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-13 09:43 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-13 09:43 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-13 09:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-13 09:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-13 09:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-12 12:40 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC241DF6-9D2C-4E64-9E6A-CD2F1B758554}\mpengine.dll 2012-10-09 18:16 . 2012-10-09 18:16 -------- d-----w- c:\program files (x86)\TRENDnet 2012-10-09 18:06 . 2012-10-09 18:06 -------- d-----w- c:\users\Conor\AppData\Roaming\HP 2012-09-25 19:37 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-24 20:17 . 2012-09-24 20:17 -------- d-----w- c:\programdata\Hewlett-Packard 2012-09-24 20:17 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll 2012-09-24 20:13 . 2012-09-24 20:13 -------- d-----w- c:\programdata\Auslogics 2012-09-24 19:36 . 2012-09-24 19:36 -------- d-----w- c:\programdata\HP Product Assistant 2012-09-24 19:31 . 2012-09-24 19:31 -------- d-----w- c:\program files (x86)\Common Files\HP 2012-09-24 19:30 . 2012-09-24 19:30 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard 2012-09-24 19:29 . 2012-09-24 19:36 -------- d-----w- c:\program files (x86)\HP 2012-09-24 19:24 . 2012-09-24 20:21 -------- d-----w- c:\programdata\HP 2012-09-24 18:31 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll 2012-09-24 18:31 . 2009-07-08 10:51 540672 ----a-w- c:\windows\system32\hppldcoi.dll 2012-09-24 18:31 . 2009-07-08 10:51 859136 ----a-w- c:\windows\system32\hpowiax4.dll 2012-09-24 18:31 . 2009-07-08 10:51 488960 ----a-w- c:\windows\system32\hpovst11.dll 2012-09-24 18:31 . 2009-07-08 10:51 1295360 ----a-w- c:\windows\system32\hpotiop4.dll 2012-09-23 13:45 . 2012-09-23 13:45 -------- d-----w- c:\program files (x86)\Gophoto.it 2012-09-22 22:28 . 2012-08-24 10:17 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-09-16 16:32 . 2012-09-16 16:42 -------- d-----w- c:\programdata\FLEXnet 2012-09-16 16:19 . 2012-09-16 16:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2012-09-16 16:13 . 2012-09-16 17:12 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2012-09-16 16:13 . 2012-09-16 16:13 -------- d-----w- c:\users\Conor\AppData\Local\Autodesk 2012-09-16 16:08 . 2012-09-16 17:10 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared 2012-09-16 16:07 . 2009-09-04 16:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2012-09-16 16:07 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll 2012-09-16 16:07 . 2009-09-04 16:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll 2012-09-16 16:07 . 2009-09-04 16:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll 2012-09-16 13:42 . 2012-09-16 17:10 -------- d-----w- c:\users\Conor\AppData\Roaming\Autodesk 2012-09-16 13:42 . 2012-09-16 17:12 -------- d-----w- c:\programdata\Autodesk 2012-09-16 13:33 . 2012-09-16 15:52 -------- d-----w- C:\Autodesk 2012-09-16 11:46 . 2009-02-24 17:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys 2012-09-16 11:46 . 2012-09-16 11:46 -------- d-----w- c:\program files (x86)\MagicDisc 2012-09-15 10:37 . 2012-10-13 13:23 151552 ----a-w- c:\windows\KMSEmulator.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-13 10:33 . 2012-08-01 22:05 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 21:11 . 2012-08-19 21:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-08 21:11 . 2012-08-19 21:03 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-22 15:34 . 2012-07-05 11:05 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2012-09-09 10:53 . 2012-09-09 10:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-09 10:53 . 2012-05-18 15:10 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-09 10:53 . 2011-11-27 21:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-07 16:04 . 2012-05-03 13:03 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-22 18:12 . 2012-09-12 19:40 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 19:41 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 19:40 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 19:40 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 09:13 . 2012-05-03 13:07 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2012-05-03 13:07 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 2012-05-03 13:07 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-05-03 13:07 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13 . 2012-05-03 13:07 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13 . 2012-05-03 13:07 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:12 . 2012-05-03 13:06 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2012-05-03 13:06 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-21 09:12 . 2012-05-03 13:07 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-20 17:38 . 2012-10-13 09:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-19 20:44 . 2012-08-19 20:44 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-08-19 20:44 . 2012-08-19 20:45 289768 ----a-w- c:\windows\system32\javaws.exe 2012-08-19 20:44 . 2012-08-19 20:44 189416 ----a-w- c:\windows\system32\javaw.exe 2012-08-19 20:44 . 2012-08-19 20:44 188904 ----a-w- c:\windows\system32\java.exe 2012-08-19 20:44 . 2012-08-19 20:45 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-19 20:44 . 2011-11-27 21:40 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-02 17:58 . 2012-09-12 19:40 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-12 19:40 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-08-01 14:18 . 2012-08-01 14:18 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18 . 2012-08-01 14:18 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx 2012-07-18 18:15 . 2012-08-15 15:52 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 336384] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Control Center"="c:\program files (x86)\TRENDnet\MFP Server\Control Center.exe" [2007-11-02 2477568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-16 1431888] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-04 505720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-06 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-06 9361408] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-06 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\KUSBusByTCPMasterBus.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 21:11] . 2012-10-13 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41] . 2012-10-13 c:\windows\Tasks\AutoKMSDaily.job - c:\windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41] . 2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . 2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\j4evul88.default-1347814311337\ FF - prefs.js: browser.startup.homepage - www.google.co.uk . - - - - ORPHANS REMOVED - - - - . AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\03\00\0b\0f\06\05?" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe . ************************************************************************** . Completion time: 2012-10-13 16:36:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-13 15:36 ComboFix2.txt 2012-08-19 12:15 . Pre-Run: 419,670,745,088 bytes free Post-Run: 419,630,161,920 bytes free . - - End Of File - - 760C72807CC98C0CE5F70A5EA613172B Searnu seems to have gone but Firefox seems to be running rather slow (keeps 'not responding')
-
AdwCleaner report: # AdwCleaner v2.004 - Logfile created 10/13/2012 at 14:19:54 # Updated 06/10/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Conor - CONOR-PC # Boot Mode : Normal # Running from : C:\Users\Conor\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\user.js Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Smartdl Folder Deleted : C:\Users\Conor\AppData\Local\Conduit Folder Deleted : C:\Users\Conor\AppData\LocalLow\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Deleted : HKLM\Software\Web Assistant Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar Key Deleted : HKLM\SOFTWARE\Web Assistant Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=hp --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default-1347814311337 [Profil par défaut] File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\j4evul88.default-1347814311337\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.8] : homepage = "hxxp://www.searchnu.com/102", Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/102", "hxxp://www.google.com" ] Deleted [l.1419] : homepage = "hxxp://www.searchnu.com/102", Deleted [l.1740] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/102", "hxxp://www.google.com" ] ************************* AdwCleaner[s1].txt - [4968 octets] - [13/10/2012 14:19:54] ########## EOF - C:\AdwCleaner[s1].txt - [5028 octets] ########## RogueKiller report: RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Conor [Admin rights] Mode : Remove -- Date : 10/13/2012 14:26:56 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++ --- User --- [MBR] e1cf3956ef2f984ff195364e4f6062fc [bSP] ee1fa6662c2a2d395c2bf5b13616a5b9 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt
-
Thanks for your reply Logs are below: Security Check: Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 4.6 Malwarebytes Anti-Malware version 1.65.0.1400 JavaFX 2.1.0 Java™ 6 Update 27 Java 7 Update 7 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.4.402.287 Mozilla Firefox (15.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` Attach.txt DDS.txt
-
Hey gys Just found out now that on Google Chome there is a search engine called ‘searchnu’ infected on my machine? Can you please check all my logs and advise me on the next steps please? Many thanks HJT Log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:22:13, on 13/10/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe C:\windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=hp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=4423b668-d83b-4cac-88cf-2b98c24f5722&searchtype=ds&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Control Center] C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe -mini O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15795 bytes Attach.txt DDS.txt
-
Thank you very much matey
-
No problems so far and I've been browsing for over an hour what re the next steps?
-
I'll give that a go and see Just to confirm that now makes my machine 100% clean? Also you have obviously seen that list of programs that I have, can you reccomend any others so this doesn't happen again? Thanks for your help
-
Hmmmm, still says 'not responding' every now and then... its deinitely not the server as that has been sorted out :/ As long as you think my systems is a clean as ever then I cant complain
-
All processes killed ========== OTL ========== HKEY_USERS\S-1-5-21-3498985405-2854093996-1078918590-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3498985405-2854093996-1078918590-1002\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found. Use Chrome's Settings page to change the HomePage. Use Chrome's Settings page to change the HomePage. C:\Users\Conor\AppData\Local\blekkotb\data folder moved successfully. C:\Users\Conor\AppData\Local\blekkotb folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\updates folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\torrents folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\tmp folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\subs folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\shares folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\rss folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\plugins\mlab folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\plugins\azutp folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\plugins folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\net folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\logs folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\dht folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\devices folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus\active folder moved successfully. C:\Users\Conor\AppData\Roaming\Azureus folder moved successfully. ========== FILES ========== c:\program files (x86)\Vuze\plugins\azupnpav folder moved successfully. c:\program files (x86)\Vuze\plugins\azupdater folder moved successfully. c:\program files (x86)\Vuze\plugins\azrating folder moved successfully. c:\program files (x86)\Vuze\plugins\azplugins folder moved successfully. c:\program files (x86)\Vuze\plugins\azitunes folder moved successfully. c:\program files (x86)\Vuze\plugins folder moved successfully. c:\program files (x86)\Vuze\.install4j folder moved successfully. c:\program files (x86)\Vuze folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Conor\Desktop\cmd.bat deleted successfully. C:\Users\Conor\Desktop\cmd.txt deleted successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BB2A6DB-F82D-4FDA-87EC-BCEB84D4D33E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BB2A6DB-F82D-4FDA-87EC-BCEB84D4D33E}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{E87F1CE2-4A00-4D83-87BF-A6B632604566}" |-| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CA83E4A2-897A-4918-BE18-1DEB7A268D4C}C:\program files (x86)\vuze\azureus.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DA21EF18-A3E5-4370-A9DC-47CFBC097F3F}C:\program files (x86)\vuze\azureus.exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Conor ->Temp folder emptied: 738403 bytes ->Temporary Internet Files folder emptied: 74303 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 38726185 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 715 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 1607517 bytes Total Files Cleaned = 39.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.58.1 log created on 08212012_223005 Files\Folders moved on Reboot... File\Folder C:\Users\Conor\AppData\Local\Temp\BIT4817.tmp not found! C:\Users\Conor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
-
Extras.txt OTL Extras logfile created on: 20/08/2012 18:21:23 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Conor\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.61 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 60.31% Memory free 7.21 Gb Paging File | 5.29 Gb Available in Paging File | 73.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.01 Gb Total Space | 392.29 Gb Free Space | 86.98% Space Free | Partition Type: NTFS Computer Name: CONOR-PC | User Name: Conor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3498985405-2854093996-1078918590-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F3EADCB-871A-42F6-8AD3-E1F2D0ACCE5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{162EE2D9-984B-4AE2-B647-3A99A0C2C743}" = lport=445 | protocol=6 | dir=in | app=system | "{1B530870-5396-4294-864D-AA311F8083F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FD7917A-0CE9-48C1-A8E3-7EAE774E4EF6}" = rport=138 | protocol=17 | dir=out | app=system | "{23551B08-DD5F-45BB-A60A-98FCAB4F1244}" = rport=139 | protocol=6 | dir=out | app=system | "{2554ED7D-96F3-4759-8F98-C4F05BBE70B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28D1354A-D66C-4502-AC8C-48C780A13D7B}" = rport=445 | protocol=6 | dir=out | app=system | "{3C36F7CA-2839-4362-AE95-4D350ADEEE72}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | "{526BA06D-4684-4D98-80A4-C3C6E96E82CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{561A243B-F46A-44C9-A107-DD353A2AFF8B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{5D7F767F-C21A-4400-892C-75FFF2E990DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60132583-49D5-40D9-8855-03AD65E35192}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | "{7966AC72-F8C6-4756-914C-479E41988EDD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7D22D946-FAB4-4FF6-BA8F-20EE5FDBD680}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{7DCEEEAD-52C6-4457-96A2-10A5D0ECB5F7}" = lport=139 | protocol=6 | dir=in | app=system | "{94C772F0-7D44-4965-AA9D-3807FADAAFC1}" = lport=2869 | protocol=6 | dir=in | app=system | "{98C7E727-AA65-4F07-AFAA-FE835F04B41A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{98E22152-FCEC-4BE3-BF7C-173CD6FE7D8E}" = rport=10243 | protocol=6 | dir=out | app=system | "{A76F88FF-EE12-4EE9-AA61-8E29981AEA2A}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | "{B38ADF00-4311-43B5-815E-FE984EDC90C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B67377B1-34A5-4BC6-9929-99A43D6D8C5E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB9632FC-9B9E-4264-91B9-77A77C9B6991}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BC400FB8-BFBD-4E72-9767-C8C2C4DBDE37}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | "{C755C2C7-7FA9-4CF7-989F-9AA1E45D10D3}" = lport=10243 | protocol=6 | dir=in | app=system | "{D40E89D7-0064-4ACE-9F2B-792540C1D727}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{D6070D2E-F41B-4D40-AD79-7AFBCD8ACA80}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{D90A4E79-BDC2-46A0-B3E1-639D9A0B0AA4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EA00D2F0-026D-4371-B97F-0DE58E77D67B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED56EC57-4151-4681-9EC7-48C894BDB2EB}" = rport=137 | protocol=17 | dir=out | app=system | "{ED65B1C6-0378-4494-B227-99E2DB5D7186}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF869736-F9C4-414D-9656-73DEEF5068D8}" = lport=138 | protocol=17 | dir=in | app=system | "{F4F8D34C-C522-4F6B-811A-0A4589899FD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F8C88083-1C97-4D7B-B9A6-5952529EADE9}" = lport=137 | protocol=17 | dir=in | app=system | "{FAA158DD-A7C1-40EC-924C-64F330ED0374}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033AA789-6219-4608-9738-540D5DDEE3B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{06A5418F-C879-48E9-B449-66B180E6323F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{08D478CC-0F19-44F9-8D0E-01D2A06B4450}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{1E90CF14-2E2D-429E-8389-DCC9AAE62CD4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{22D70FAB-D47C-4D99-870D-7ABB65C17867}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{35D1B1CE-E97D-4D75-9808-2B9D4689B3E4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3675C852-1C50-4F95-B4BD-8FB416DDF0AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3731695F-D2B3-414C-A214-A566789AFB8F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3AB05FCD-4476-4258-9640-4F0F9C4F24DD}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{3E097E9F-9F07-46CE-AE60-C35B057526AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{48191C4F-93FD-4FED-AC85-707A727E52F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4CAA1321-84BE-4092-A537-8B31CB0FC4C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4EEDF0EC-A1F5-4091-9E62-C447794AB6DF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5D288B2D-957A-4268-82EA-A723926B8CC8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6001FAB6-61AD-4E8D-974F-3C9086BCB88F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6127B30D-1696-4956-9B74-0A54A1B0B762}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{671961C2-BD73-40E5-938E-0D9364C6C9A0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{686415E0-E526-44A3-95AD-5B7589E54899}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7058840E-D9A9-4047-8BCF-9516CFB4502C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7BB2A6DB-F82D-4FDA-87EC-BCEB84D4D33E}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{7C4B0808-18D9-48C8-987D-EF772A0DF2B4}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{7EFB9DBC-BD89-4BE7-8A61-EC1CB2D3E2AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{807C7A02-59A6-4830-886D-E3D465AE1FA6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{8506368C-38BA-4CCD-B03C-5B994C91DEE2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{93DCBB58-575F-454F-A4A6-43BDE546721F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{94E37551-CFF2-416E-9C49-3C0F0894CEDD}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{96D777D7-2E19-4620-BF21-9519FFE8A1DF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{98153C2A-473C-47CE-B228-87E0275A2B4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A49F6C8F-1F3C-48DA-95B7-7F6C423A1A5F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{AEB6D2E5-571C-499C-96C9-D7ECEFD06B40}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4B759DD-3134-4FFE-B5D3-949408645782}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B561C8DC-FA31-483C-860A-01CD9B20AB61}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BD59A5BA-D5D8-481A-B285-7E126AEAC2C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C2DC9DEB-0048-400F-B1AE-34E861AA7C00}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{C546FD13-33C4-47B1-A248-877E3C331067}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | "{C740DDA0-B920-4599-AC0E-D163179749B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CDDB6F62-CD9A-4870-8E84-2556CF535C0B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{CEC1D218-7566-4B13-8B10-9A819A64BF29}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{D1E5A190-05EA-41E0-BCF5-457CDE2603A1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D21FCFA2-4A02-4A07-B6FD-F579C1A6BC01}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D4CFED25-A509-4774-B8D2-0D26DE4AF91F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{D9E6156D-B748-4640-935E-1EF4AFE43939}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{DFC3BDC7-6065-449D-BDF5-EDE83AC950CA}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{E7BA08E9-08F2-4370-97AC-7DD69CDD7B86}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E7BEAC90-B253-405C-ABED-4617A2324328}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{E87F1CE2-4A00-4D83-87BF-A6B632604566}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{EBD9598C-9696-487E-96DE-F91DFAA592E1}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{F1A70A07-95ED-4366-AC45-CD02570F91A3}" = protocol=6 | dir=out | app=system | "{F2DC0C51-D2AB-4B64-B12C-AA94D3B4C247}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | "{F544BD2C-3956-4C72-A106-C897746A05F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F99FBC70-A151-4F88-BB26-87017DC768DF}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | "TCP Query User{74052E7A-6865-4439-B372-49341FFAD606}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "TCP Query User{C46077B8-BCA8-418B-9965-4D1D9CFFBD95}C:\users\conor\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\conor\appdata\roaming\spotify\spotify.exe | "TCP Query User{CA83E4A2-897A-4918-BE18-1DEB7A268D4C}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{05BD5668-1C64-4229-9130-B99D65B2F952}C:\users\conor\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\conor\appdata\roaming\spotify\spotify.exe | "UDP Query User{5CDEAA8E-193C-4446-85AD-3ADD22411339}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "UDP Query User{DA21EF18-A3E5-4370-A9DC-47CFBC097F3F}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java 6 Update 27 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit) "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6A29BC26-68EB-EE27-0775-C6A5D9880FB8}" = ATI AVIVO64 Codecs "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{8F56EA58-DCEE-8262-12AC-5C7ED4B3FE01}" = ATI Catalyst Install Manager "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{AB7F413C-C973-1E76-1500-A379C6876468}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{D44E2164-C3EA-09BF-8396-07BFF727025A}" = AMD Media Foundation Decoders "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F82DEF3B-AB08-942C-3EA9-18277410B384}" = AMD Fuel "Dell Support Center" = Dell Support Center "DW WLAN Card" = DW WLAN Card "Matlab R2011b" = MATLAB R2011b "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2244FF47-8247-C94C-4459-0B6F57495400}" = CCC Help Hungarian "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{25AE6DBA-D866-1325-1F82-D6BFFA4D6110}" = CCC Help Chinese Standard "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 27 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4 "{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{315B5C4F-8FB3-117A-DB04-C09D99781848}" = Catalyst Control Center Profiles Mobile "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33B2BCA3-DAAA-92E4-A612-1E25349CC439}" = Catalyst Control Center Localization All "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP "{4296F858-23E0-1875-96F4-ECAC0B65B2A5}" = CCC Help Russian "{44619C87-6A22-E5B5-B756-A4E87CF287ED}" = CCC Help Japanese "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CDFB50C-EFC7-5740-8351-9DA8327076AB}" = CCC Help Chinese Traditional "{4D6E7356-0D53-D9DF-B65E-13A44B4621C2}" = Catalyst Control Center InstallProxy "{51F2D101-6579-CA0C-0B69-DEC94C4C7EC9}" = CCC Help German "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58DB59A3-47B7-CB43-8AAA-400A6EB3FAD3}" = CCC Help Korean "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{63229B8B-B757-2A22-D56B-36CA72DD401B}" = CCC Help Greek "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73B91779-D763-560C-2623-5835DFBC5016}" = CCC Help Thai "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B09AC97-2063-0928-0C94-7330E4AEF4D9}" = CCC Help Danish "{8B16758A-B4E4-F49C-76C4-13D2A067CC24}" = CCC Help Swedish "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{9064317A-39C7-40D5-8CF5-04A254747B88}" = BlackBerry Device Software Updater "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage "{91CF243B-116F-965D-726C-89713A3B1922}" = CCC Help Norwegian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933FBD25-7171-D8B5-3E31-095750D6BD8C}" = CCC Help Finnish "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.7 "{97F75C51-951B-E04C-8CFD-25900D388693}" = CCC Help Polish "{98AB97E8-FA29-02A4-941D-222C4A83DAC3}" = AMD VISION Engine Control Center "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AD57ECE4-976A-0447-4C4C-644C6059341F}" = CCC Help Turkish "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B106F6AB-EEC6-FCC3-1492-0A54E7B0D52E}" = CCC Help French "{B62174EB-2AE6-D3A0-381D-DA9FDBF70C82}" = CCC Help Czech "{B73009A8-78AB-47D2-9D63-99271D9457B1}" = CCC Help Italian "{BE731865-5041-3F42-C7E9-68292DB8A044}" = Catalyst Control Center Graphics Previews Common "{C594B957-CC60-589C-D825-E6406D8759F5}" = CCC Help Spanish "{C5BF5D70-6C6E-915A-A3DA-F4F86ACEEFE3}" = CCC Help Portuguese "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CED8DCFA-2DD0-49EF-377A-F414B644D8E3}" = CCC Help English "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP "{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0 "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E50FD74A-DAAC-C9D0-F9D8-EDCDD08CAB2D}" = CCC Help Dutch "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE2AE129-A29B-4C52-AC5A-24EF4F579700}" = MPLAB Tools v8.84 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Audacity_is1" = Audacity 2.0 "avast" = avast! Free Antivirus "BlackBerry_Desktop" = BlackBerry Desktop Software 7.0 "Canon MP280 series User Registration" = Canon MP280 series User Registration "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Dell Webcam Central" = Dell Webcam Central "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ESET Online Scanner" = ESET Online Scanner v3 "FileHippo.com" = FileHippo.com Update Checker "Foxit Reader_is1" = Foxit Reader "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627 "Google Chrome" = Google Chrome "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "InstallShield_{FE2AE129-A29B-4C52-AC5A-24EF4F579700}" = MPLAB Tools v8.84 "LAME_is1" = LAME v3.99.3 (for Windows) "LTspice IV" = LTspice IV "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PICC 9.83" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.83PL0 "PSpice Student" = PSpice Student 9.1 "Rapport_msi" = Rapport "VLC media player" = VLC media player 2.0.3 "WildTangent dell Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WT089409" = Bejeweled 2 Deluxe "WT089410" = Blackhawk Striker 2 "WT089411" = Build-a-lot 2 "WT089412" = Cake Mania "WT089413" = Chuzzle Deluxe "WT089414" = Diner Dash 2 Restaurant Rescue "WT089415" = Dora's World Adventure "WT089418" = FATE "WT089420" = Jewel Quest "WT089422" = Jewel Quest Solitaire 2 "WT089426" = Poker Superstars III "WT089430" = Virtual Villagers 4 - The Tree of Life "WT089433" = Polar Golfer "WT089434" = Escape Whisper Valley "WT089440" = Namco All-Stars PAC-MAN "WT089443" = Bounce Symphony "WT089444" = Final Drive Nitro "WT089445" = Penguins! "WT089446" = Wedding Dash - Ready, Aim, Love! "WT089448" = Zuma Deluxe "WT089450" = Farm Frenzy "WT089452" = Plants vs. Zombies - Game of the Year "WT089499" = Final Drive Fury "WT089503" = Samantha Swift "WT089507" = Luxor "WT089508" = Polar Bowler "ZinioReader4" = Zinio Reader 4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3498985405-2854093996-1078918590-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/08/2012 12:41:05 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/08/2012 12:41:05 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6427 Error - 11/08/2012 12:41:05 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6427 Error - 11/08/2012 12:41:07 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/08/2012 12:41:07 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7581 Error - 11/08/2012 12:41:07 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7581 Error - 11/08/2012 12:41:10 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/08/2012 12:41:10 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10639 Error - 11/08/2012 12:41:10 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10639 Error - 11/08/2012 13:31:10 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/08/2012 13:31:10 | Computer Name = Conor-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3011349 [ Dell Events ] Error - 11/03/2012 10:41:42 | Computer Name = Conor-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 11/03/2012 10:41:42 | Computer Name = Conor-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 11/03/2012 17:23:59 | Computer Name = Conor-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 11/03/2012 17:23:59 | Computer Name = Conor-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 13/03/2012 12:40:28 | Computer Name = Conor-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 19/08/2012 17:06:51 | Computer Name = Conor-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 22:05:22 on ?19/?08/?2012 was unexpected. Error - 19/08/2012 17:27:19 | Computer Name = Conor-PC | Source = DCOM | ID = 10010 Description = Error - 19/08/2012 18:09:29 | Computer Name = Conor-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 19/08/2012 18:09:59 | Computer Name = Conor-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 19/08/2012 18:40:06 | Computer Name = Conor-PC | Source = DCOM | ID = 10010 Description = Error - 20/08/2012 13:11:42 | Computer Name = Conor-PC | Source = DCOM | ID = 10010 Description = Error - 20/08/2012 13:11:52 | Computer Name = Conor-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20/08/2012 14:28:20 | Computer Name = Conor-PC | Source = DCOM | ID = 10010 Description = Error - 20/08/2012 14:28:20 | Computer Name = Conor-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service. Error - 20/08/2012 14:28:20 | Computer Name = Conor-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. < End of report >
-
Here you go: OTL.txt OTL logfile created on: 20/08/2012 18:21:23 - Run 1 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Conor\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.61 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 60.31% Memory free 7.21 Gb Paging File | 5.29 Gb Available in Paging File | 73.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.01 Gb Total Space | 392.29 Gb Free Space | 86.98% Space Free | Partition Type: NTFS Computer Name: CONOR-PC | User Name: Conor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/19 23:13:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Conor\Desktop\OTL.exe PRC - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2012/07/29 20:52:20 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe PRC - [2012/07/10 12:06:06 | 000,932,528 | ---- | M] () -- C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/07/03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE PRC - [2012/02/06 18:26:08 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011/06/29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe PRC - [2011/06/28 02:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe PRC - [2011/04/30 01:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe PRC - [2011/04/13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2011/01/13 22:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe ========== Modules (No Company Name) ========== MOD - [2012/07/27 22:41:55 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll MOD - [2012/07/10 12:06:06 | 000,932,528 | ---- | M] () -- C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012/06/14 18:23:26 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012/06/14 18:22:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 18:22:35 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/06/14 18:22:28 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/05/12 03:06:09 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012/05/11 03:41:07 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012/05/11 03:38:42 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/11 03:38:31 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 03:38:23 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 03:38:21 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 03:38:02 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/02/06 18:26:08 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2011/06/29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe MOD - [2011/06/28 02:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe MOD - [2011/06/28 02:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll MOD - [2011/06/25 06:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll MOD - [2011/06/25 06:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll MOD - [2011/04/30 01:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe MOD - [2011/04/30 01:13:50 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll MOD - [2011/04/30 01:13:48 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll MOD - [2010/11/25 05:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll MOD - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010/03/22 22:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll MOD - [2010/03/17 03:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll MOD - [2010/03/17 03:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll MOD - [2010/03/17 03:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll MOD - [2010/03/12 02:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll MOD - [2010/03/12 02:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll MOD - [2010/03/05 22:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll MOD - [2010/03/05 22:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/07/03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011/08/06 08:44:20 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/08/06 08:14:06 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/05/27 20:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2011/01/13 22:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/08/19 22:03:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010/11/25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010/11/25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64) DRV:64bit: - [2012/07/03 17:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/07/03 17:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/07/03 17:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/07/03 17:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/07/03 17:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/07/03 17:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/04/10 20:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/08/18 23:40:08 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011/08/18 23:39:52 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011/08/18 23:39:52 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011/08/18 23:39:50 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2011/08/18 23:39:50 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011/08/18 23:39:50 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011/08/06 12:33:18 | 009,361,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/08/06 08:01:50 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011/06/16 23:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011/06/16 23:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011/05/27 20:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/05/17 07:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/04/01 04:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011/03/30 23:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010/11/29 13:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/30 01:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/02/18 16:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012/08/12 18:30:21 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020) DRV - [2012/07/29 20:52:40 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64) DRV - [2012/07/29 20:52:38 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 A9 3B 21 08 7E CD 01 [binary data] IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=BBA1457895073553F18E0C2C&q={searchTerms} IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.co.uk" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Conor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/12 11:07:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/12 11:07:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/01 15:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conor\AppData\Roaming\Mozilla\Extensions [2012/07/30 21:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conor\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/08/12 11:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions [2012/08/17 05:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\extensions [2012/03/31 11:21:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/06/10 00:34:19 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\extensions\anttoolbar@ant.com [2012/07/31 20:43:29 | 000,002,519 | ---- | M] () -- C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\searchplugins\Search_Results.xml [2012/08/01 15:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/08/12 11:07:34 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/08/17 05:51:39 | 000,341,151 | ---- | M] () (No name found) -- C:\USERS\CONOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3OOKYRZC.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI [2012/07/29 18:59:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll ========== Chrome ========== CHR - homepage: http://www.searchnu.com/102 CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.searchnu.com/102 CHR - Extension: No name found = C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: No name found = C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/19 13:10:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002..\Run: [spotify Web Helper] C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3498985405-2854093996-1078918590-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.6.2) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/19 23:31:20 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\Macromedia [2012/08/19 23:13:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Conor\Desktop\OTL.exe [2012/08/19 22:03:06 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed [2012/08/19 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2012/08/19 13:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/08/19 13:25:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/19 13:16:02 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/08/19 12:31:05 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/08/16 21:14:31 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{8A255FD5-3D2E-4456-8523-9B90AFCD68E7} [2012/08/16 21:14:17 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{C4D4969A-5080-468C-BB99-DFBB59240065} [2012/08/15 06:08:49 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{340041CE-2AA9-4489-8F1E-D79E182B6342} [2012/08/14 20:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO [2012/08/14 19:32:03 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2012/08/14 17:17:19 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{A1D7985D-5917-4D45-B60B-D16F597A4239} [2012/08/13 21:44:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/08/13 21:44:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/08/13 21:44:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/08/13 21:29:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/13 21:28:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/08/13 21:25:04 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\Conor\Desktop\ComboFix.exe [2012/08/12 13:32:47 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{634BD4C6-3AAF-46D2-9FF4-EF495C19CF6E} [2012/08/12 12:49:44 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{6C222671-0455-4121-AC85-68803098084C} [2012/08/12 10:44:49 | 000,000,000 | ---D | C] -- C:\found.001 [2012/08/12 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\blekkotb [2012/08/11 19:51:53 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{04D2246A-5816-4A1F-8A0B-A21AC21814BF} [2012/08/11 19:51:40 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{0D62A33A-F082-4211-B383-A54E11C0A491} [2012/08/11 10:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/08/11 10:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/08/10 23:20:59 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{538A0B49-DDA4-4D6E-ABCF-C43B1EEA1FE3} [2012/08/10 23:20:15 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{B38A521B-5601-4AF6-990D-29798169518D} [2012/08/10 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/08/10 21:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/08/10 15:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2012/08/09 23:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/08/09 22:19:53 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Roaming\Auslogics [2012/08/09 22:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2012/08/09 22:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics [2012/08/09 18:59:36 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{45BDF70A-CF60-4785-B98E-C8F267D5A0C7} [2012/08/09 18:59:23 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{1805E12F-01DE-4F4F-8019-C0846BBC107F} [2012/08/08 20:09:45 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{3966E704-090F-490C-85C8-864BC135F5F6} [2012/08/08 20:09:32 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{D21133A8-6EC2-4C35-87F9-D8B20824879D} [2012/08/06 18:08:48 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{B68F97F3-6AE2-469B-AE86-559BFB25FF63} [2012/08/06 18:08:34 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\{450A9525-0FC0-4E39-9C13-EA2815215BB8} [2012/08/05 22:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012/08/05 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Conor\Tracing [2012/08/05 21:46:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com [2012/08/01 22:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/08/01 22:56:18 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/08/01 21:41:35 | 000,000,000 | ---D | C] -- C:\Users\Conor\Desktop\Hima-Sella Documents [2012/08/01 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\Conor\Desktop\zip [2012/08/01 15:33:46 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Roaming\WinRAR [2012/08/01 15:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload [2012/08/01 14:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartdl [2012/08/01 11:53:37 | 000,000,000 | ---D | C] -- C:\Users\Conor\Desktop\Speed cameras [2012/07/31 19:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom [2012/07/31 19:50:45 | 000,000,000 | ---D | C] -- C:\Users\Conor\Desktop\TomTom XL copy [2012/07/30 21:46:38 | 000,000,000 | ---D | C] -- C:\Users\Conor\Documents\TomTom [2012/07/30 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Roaming\TomTom [2012/07/30 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\Conor\AppData\Local\TomTom [2012/07/30 21:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [2012/07/30 21:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2 [2012/07/30 21:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V [2012/07/30 21:01:43 | 000,000,000 | ---D | C] -- C:\Users\Conor\Desktop\TomTom Copy [1 C:\Users\Conor\Desktop\*.tmp files -> C:\Users\Conor\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/20 18:30:04 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/20 18:25:12 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job [2012/08/20 18:20:10 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/08/20 18:20:10 | 000,664,780 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/08/20 18:20:10 | 000,125,484 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/08/20 18:19:59 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/20 18:19:59 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/20 18:11:12 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/20 18:10:14 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/08/20 18:09:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/08/20 18:09:26 | 2903,519,232 | -HS- | M] () -- C:\hiberfil.sys [2012/08/19 23:13:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Conor\Desktop\OTL.exe [2012/08/19 22:25:43 | 000,001,975 | ---- | M] () -- C:\Users\Conor\Desktop\Update Checker.lnk [2012/08/19 22:25:28 | 000,264,271 | ---- | M] () -- C:\Users\Conor\Desktop\FHSetup.exe [2012/08/19 21:34:11 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2012/08/19 13:10:27 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/08/19 12:29:41 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\Conor\Desktop\ComboFix.exe [2012/08/19 12:27:16 | 000,003,849 | ---- | M] () -- C:\windows\scad3.INI [2012/08/16 05:00:31 | 000,460,056 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/08/14 19:32:18 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/08/14 19:31:58 | 508,998,758 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/08/12 16:37:17 | 000,001,252 | ---- | M] () -- C:\Users\Conor\Desktop\Auslogics Disk Defrag.lnk [2012/08/12 11:12:37 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/08/12 11:12:35 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012/08/12 10:49:10 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012/08/05 22:04:04 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/08/05 20:38:32 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/01 22:57:59 | 000,002,975 | ---- | M] () -- C:\Users\Conor\Desktop\HiJackThis.lnk [2012/08/01 15:06:53 | 000,000,447 | ---- | M] () -- C:\user.js [2012/07/30 21:41:35 | 032,948,928 | ---- | M] () -- C:\Users\Conor\Desktop\TomTomHOME2winlatest.exe [2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys [1 C:\Users\Conor\Desktop\*.tmp files -> C:\Users\Conor\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/19 22:25:23 | 000,264,271 | ---- | C] () -- C:\Users\Conor\Desktop\FHSetup.exe [2012/08/19 22:21:44 | 000,001,975 | ---- | C] () -- C:\Users\Conor\Desktop\Update Checker.lnk [2012/08/19 22:03:13 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/08/19 21:34:11 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2012/08/14 19:31:58 | 508,998,758 | ---- | C] () -- C:\windows\MEMORY.DMP [2012/08/13 21:44:52 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/08/13 21:44:52 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/08/13 21:44:52 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/08/13 21:44:52 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/08/13 21:44:52 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/08/12 16:37:17 | 000,001,252 | ---- | C] () -- C:\Users\Conor\Desktop\Auslogics Disk Defrag.lnk [2012/08/12 10:49:10 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012/08/05 22:04:04 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/08/01 22:56:18 | 000,002,975 | ---- | C] () -- C:\Users\Conor\Desktop\HiJackThis.lnk [2012/08/01 15:06:51 | 000,000,447 | ---- | C] () -- C:\user.js [2012/07/30 21:40:22 | 032,948,928 | ---- | C] () -- C:\Users\Conor\Desktop\TomTomHOME2winlatest.exe [2012/05/18 16:17:00 | 000,000,045 | ---- | C] () -- C:\Users\Conor\jagex_cl_runescape_LIVE1.dat [2012/05/18 16:11:43 | 000,000,044 | ---- | C] () -- C:\Users\Conor\jagex_cl_runescape_LIVE.dat [2012/05/18 16:11:43 | 000,000,024 | ---- | C] () -- C:\Users\Conor\random.dat [2012/04/19 21:33:34 | 000,002,700 | ---- | C] () -- C:\windows\PSPICEEV.INI [2012/04/19 21:33:25 | 000,043,008 | ---- | C] () -- C:\windows\SysWow64\ltfil60n.dll [2012/04/19 21:33:25 | 000,019,456 | ---- | C] () -- C:\windows\SysWow64\lfwpg60n.dll [2012/04/19 21:33:25 | 000,019,456 | ---- | C] () -- C:\windows\SysWow64\lfwmf60n.dll [2012/04/19 21:33:24 | 000,110,080 | ---- | C] () -- C:\windows\SysWow64\lfpng60n.dll [2012/04/19 21:33:24 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\lftif60n.dll [2012/04/19 21:33:24 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\lfpcx60n.dll [2012/04/19 21:33:24 | 000,022,528 | ---- | C] () -- C:\windows\SysWow64\lfpct60n.dll [2012/04/19 21:33:24 | 000,020,480 | ---- | C] () -- C:\windows\SysWow64\lfpsd60n.dll [2012/04/19 21:33:24 | 000,019,968 | ---- | C] () -- C:\windows\SysWow64\lftga60n.dll [2012/04/19 21:33:24 | 000,018,432 | ---- | C] () -- C:\windows\SysWow64\lfmsp60n.dll [2012/04/19 21:33:23 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\lffax60n.dll [2012/04/19 21:33:23 | 000,141,824 | ---- | C] () -- C:\windows\SysWow64\lfcmp60n.dll [2012/04/19 21:33:23 | 000,022,528 | ---- | C] () -- C:\windows\SysWow64\lfeps60n.dll [2012/04/19 21:33:23 | 000,022,016 | ---- | C] () -- C:\windows\SysWow64\lfbmp60n.dll [2012/04/19 21:33:23 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\lfmac60n.dll [2012/04/19 21:33:23 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\implode.dll [2012/04/19 19:44:31 | 000,003,849 | ---- | C] () -- C:\windows\scad3.INI [2012/04/07 23:08:56 | 000,005,632 | ---- | C] () -- C:\Users\Conor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/13 07:31:00 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\MPMapTrace.dll [2012/02/13 06:40:18 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\mpPathan.dll [2011/11/27 23:37:58 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/11/27 23:33:28 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini [2011/11/27 23:32:39 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini [2011/11/27 23:32:39 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini [2011/11/27 23:32:39 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini [2011/11/27 23:32:39 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini [2011/11/27 23:32:39 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini [2011/11/27 23:01:42 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/11/27 22:54:00 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll [2011/11/27 22:44:57 | 000,764,746 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/08/06 08:47:32 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll [2011/07/29 12:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini [2011/07/29 12:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini ========== LOP Check ========== [2012/05/01 23:24:08 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Audacity [2012/08/12 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Auslogics [2012/08/12 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Azureus [2012/03/12 17:51:55 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Canon [2012/07/06 00:31:13 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\DVDVideoSoft [2012/03/31 11:21:15 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers [2012/03/11 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Fingertapps [2012/03/27 14:34:37 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\IDT [2012/03/11 15:21:49 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Leadertech [2012/05/03 22:24:14 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Microchip [2012/04/15 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Namco [2012/03/22 17:55:07 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\PCDr [2012/03/11 17:29:25 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Research In Motion [2012/07/10 18:45:17 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Spotify [2012/08/12 11:06:01 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\TomTom [2012/03/14 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Conor\AppData\Roaming\Windows Live Writer [2012/08/14 19:32:18 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012/08/02 09:41:45 | 000,032,570 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT [2012/08/20 18:25:12 | 000,000,506 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:07BF512B < End of report >
-
All programs updated, but its still doing it what I will say is I'm having problems with my ISP for the last 10 days or so, so it may be that. If you are happy my PC is 99-100% clear (HJT log below) then I'll take your word on it may I request that this thrad stays open just in case its not my ISP (max 2 weeks) that is causing the problem? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:14:31, on 19/08/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe C:\windows\SysWOW64\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13151 bytes
-
Thank you Results of screen317's Security Check version 0.99.46 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.0 Java 6 Update 27 Java 7 Update 4 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Mozilla Firefox (14.0.1) Google Chrome 21.0.1180.77 Google Chrome 21.0.1180.79 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
-
Definitely better! Althought I very often get a (not responding) message whilst opening another tab on Firefox :/ so I'm not sure if you know a solution to that? Been a massive help!!
-
This was all the log said: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK However the two threats that were found I exprted to another text file: C:\Users\Conor\Downloads\cnet2_setup_magicdisc106_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined