Everything posted by ccfc1987
ComboFix 12-08-18.03 - Conor 19/08/2012 12:34:22.4.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2237 [GMT 1:00] Running from: c:\users\Conor\Desktop\ComboFix.exe Command switches used :: c:\users\Conor\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll . . ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 ))))))))))))))))))))))))))))))) . . 2012-08-19 12:10 . 2012-08-19 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-15 22:12 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-15 15:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-15 15:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 15:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-15 15:52 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 15:52 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 15:52 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 15:52 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-15 15:52 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 15:52 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 15:52 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 15:52 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 15:52 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 15:51 . 
2012-06-29 10:04 9133488 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0A7F8CF-61C5-467C-81FD-FE7742E58FC9}\mpengine.dll 2012-08-12 09:44 . 2012-08-12 09:44 -------- d-----w- C:\found.001 2012-08-11 23:03 . 2012-08-11 23:03 -------- d-----w- c:\users\Conor\AppData\Local\blekkotb 2012-08-11 09:54 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-08-11 09:54 . 2012-08-12 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-10 20:47 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-08-10 20:46 . 2012-08-12 10:07 -------- d-----w- c:\program files\Microsoft Security Client 2012-08-09 22:20 . 2012-08-12 10:07 -------- d-----w- c:\program files\CCleaner 2012-08-09 21:19 . 2012-08-12 15:33 -------- d-----w- c:\users\Conor\AppData\Roaming\Auslogics 2012-08-09 21:19 . 2012-08-12 15:34 -------- d-----w- c:\program files (x86)\Auslogics 2012-08-05 21:01 . 2012-08-09 21:20 -------- d-----w- c:\users\Conor\Tracing 2012-08-05 20:46 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\FileHippo.com 2012-08-01 22:05 . 2012-08-15 21:59 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-01 21:57 . 2012-08-01 21:57 388096 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 21:57 . 2012-08-12 09:59 -------- d-----w- c:\program files (x86)\Trend Micro 2012-08-01 14:18 . 2012-08-01 14:18 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18 . 2012-08-01 14:18 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx 2012-08-01 14:06 . 2012-08-01 14:06 447 ----a-w- C:\user.js 2012-08-01 14:06 . 2012-08-01 14:08 -------- d-----w- c:\program files (x86)\1ClickDownload 2012-08-01 13:10 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\smartdl 2012-07-31 18:51 . 2012-07-31 18:51 -------- d-----w- c:\programdata\TomTom 2012-07-30 20:46 . 
2012-08-12 10:06 -------- d-----w- c:\users\Conor\AppData\Roaming\TomTom 2012-07-30 20:46 . 2012-08-12 10:05 -------- d-----w- c:\users\Conor\AppData\Local\TomTom 2012-07-30 20:45 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\TomTom HOME 2 2012-07-30 20:43 . 2012-08-12 09:59 -------- d-----w- c:\program files (x86)\TomTom International B.V 2012-07-27 21:39 . 2012-07-27 21:39 -------- d-----w- c:\users\Default\AppData\Local\Trusteer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-05 20:56 . 2011-11-27 21:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-29 19:52 . 2012-07-05 11:05 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2012-07-03 16:21 . 2012-05-03 13:07 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2012-05-03 13:07 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2012-05-03 13:07 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2012-05-03 13:07 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-07-03 16:21 . 2012-05-03 13:07 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2012-05-03 13:07 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2012-05-03 13:06 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2012-05-03 13:06 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-07-03 16:21 . 2012-05-03 13:07 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-03 12:46 . 2012-05-03 13:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-22 15:32 . 2012-07-05 23:25 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-20 12:39 . 2012-06-20 12:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-19 15:02 . 
2012-06-19 15:02 53248 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe 2012-06-09 05:43 . 2012-07-11 13:04 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 13:05 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 13:04 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 13:04 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 13:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 13:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 13:04 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-26 23:01 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-26 23:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-26 23:01 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-26 23:01 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-26 23:01 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-26 23:01 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-26 23:01 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-26 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:15 . 2012-06-26 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 13:04 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 13:04 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-11 13:04 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 13:04 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 13:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 
2012-07-11 13:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 13:04 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 13:04 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 13:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.22.13 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-15 15:52 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll + 2012-08-15 22:09 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll - 2012-07-15 15:24 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll - 2012-07-15 15:23 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-08-15 22:09 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-08-15 22:09 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll - 2012-07-15 15:23 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll + 2009-07-14 04:54 . 2012-08-19 11:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-13 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-08-05 21:14 . 2012-08-19 11:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-08-05 21:14 . 2012-08-13 20:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-08-13 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-19 11:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09 . 
2012-08-19 11:24 53632 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-19 11:24 54662 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-03-11 14:21 . 2012-08-19 11:24 13844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3498985405-2854093996-1078918590-1002_UserData.bin - 2012-07-15 15:24 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll + 2012-08-15 22:09 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll - 2012-07-15 15:23 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll + 2012-08-15 22:09 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll - 2012-07-15 15:23 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll + 2012-08-15 22:09 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll - 2009-07-14 05:30 . 2012-06-19 18:31 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2012-08-16 03:58 86016 c:\windows\system32\DriverStore\infpub.dat + 2011-11-27 21:27 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS + 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys - 2009-07-14 04:46 . 2012-08-05 21:23 99680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 04:46 . 2012-08-17 13:27 99680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2012-03-11 14:47 . 2012-07-15 15:26 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2012-03-11 14:47 . 2012-08-15 22:11 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2012-03-11 14:47 . 2012-08-15 22:11 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe - 2012-03-11 14:47 . 
2012-07-15 15:26 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe + 2012-03-11 14:47 . 2012-08-15 22:11 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2012-03-11 14:47 . 2012-07-15 15:26 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2012-08-13 20:37 . 2012-08-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-19 11:22 . 2012-08-19 11:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-13 20:37 . 2012-08-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-19 11:22 . 2012-08-19 11:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-15 15:24 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll + 2012-08-15 22:09 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll + 2012-08-15 22:09 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll + 2012-08-15 22:09 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe - 2012-07-15 15:23 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe - 2012-07-15 15:23 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll + 2012-08-15 22:09 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll + 2012-03-16 21:51 . 2012-08-15 14:43 283220 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2012-03-11 16:05 . 2012-08-19 12:02 258390 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2012-08-15 22:09 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll - 2012-07-15 15:24 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll - 2009-07-14 02:36 . 2012-08-12 17:32 664780 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-19 12:05 664780 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-19 12:05 125484 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 
2012-08-12 17:32 125484 c:\windows\system32\perfc009.dat + 2012-08-15 22:09 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll - 2012-07-15 15:23 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe + 2012-08-15 22:09 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe + 2012-08-15 22:09 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll - 2012-07-15 15:23 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll - 2009-07-14 04:45 . 2012-07-16 05:27 460056 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 04:45 . 2012-08-16 04:00 460056 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 05:30 . 2012-06-19 18:31 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-08-16 03:58 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-06-19 15:10 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30 . 2012-08-16 03:58 143360 c:\windows\system32\DriverStore\infstor.dat + 2010-11-21 03:23 . 2010-11-21 03:23 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe + 2012-08-15 22:12 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys - 2009-07-14 05:31 . 2011-11-27 21:28 399360 c:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 05:31 . 2012-08-16 03:58 399360 c:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 05:01 . 2012-08-19 11:22 424952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-03-11 14:47 . 2012-07-15 15:26 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2012-03-11 14:47 . 2012-08-15 22:11 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2012-03-11 14:47 . 2012-07-15 15:26 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2012-03-11 14:47 . 
2012-08-15 22:11 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2012-03-11 14:47 . 2012-07-15 15:26 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2012-03-11 14:47 . 2012-08-15 22:11 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2012-03-11 14:47 . 2012-08-15 22:11 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe - 2012-03-11 14:47 . 2012-07-15 15:26 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe - 2012-03-11 14:47 . 2012-07-15 15:26 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2012-03-11 14:47 . 2012-08-15 22:11 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2012-03-11 14:47 . 2012-08-15 22:11 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe - 2012-03-11 14:47 . 2012-07-15 15:26 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe - 2012-07-15 15:23 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll + 2012-08-15 22:09 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll + 2012-08-15 22:09 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll - 2012-07-15 15:24 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll + 2012-08-15 22:09 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll - 2012-07-15 15:23 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll + 2012-08-15 22:09 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll + 2012-08-15 22:09 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll - 2012-07-15 15:22 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll - 2012-07-15 15:23 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll + 2012-08-15 22:09 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll + 2012-08-15 22:09 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll - 2012-07-15 15:24 . 
2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll + 2012-08-15 22:09 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll - 2012-07-15 15:24 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll + 2012-08-15 22:09 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll + 2009-07-14 04:45 . 2012-08-16 04:05 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-07-16 05:33 7294260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-05-02 23:39 . 2012-08-19 11:22 2112192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-03-11 16:37 . 2012-08-19 11:22 2438800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-12288.dat + 2012-07-19 01:45 . 2012-07-19 01:45 3464704 c:\windows\Installer\164ce9f.msp - 2012-03-11 14:47 . 2012-07-15 15:26 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2012-03-11 14:47 . 2012-08-15 22:11 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2012-03-11 14:47 . 2012-08-15 22:11 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2012-03-11 14:47 . 2012-07-15 15:26 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2012-03-11 14:47 . 2012-07-15 15:26 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2012-03-11 14:47 . 2012-08-15 22:11 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2012-03-11 14:47 . 2012-08-15 22:11 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2012-03-11 14:47 . 2012-07-15 15:26 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2012-08-15 22:09 . 
2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll + 2009-07-14 02:34 . 2012-08-16 03:59 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34 . 2012-07-16 05:25 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2012-08-15 22:09 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll + 2012-08-15 22:09 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll + 2012-03-11 16:37 . 2012-08-19 11:22 12599256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-8192.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 336384] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" 
[2010-01-21 91520] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-11 576000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-12 397720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-06 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632] S3 amdiox64;AMD IO 
Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-06 9361408] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-06 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . Contents of the 'Scheduled Tasks' folder . 2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . 2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . 2012-08-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-08-19 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Supplementary Scan ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\03\00\0b\0f\06\05?" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-19 13:15:58 ComboFix-quarantined-files.txt 2012-08-19 12:15 ComboFix2.txt 2012-08-14 18:06 ComboFix3.txt 2012-08-13 21:28 . Pre-Run: 417,011,437,568 bytes free Post-Run: 416,473,784,320 bytes free . - - End Of File - - 3A5C7A0249E1607D6F18B10C3AE19D42
-
I've done it again for you.

ComboFix 12-08-18.03 - Conor 19/08/2012 12:34:22.4.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2237 [GMT 1:00] Running from: C:\Users\Conor\Desktop\ComboFix.exe Command switches used :: C:\Users\Conor\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\ProgramData\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 ))))))))))))))))))))))))))))))) 2012-08-19 12:10:21 . 2012-08-19 12:10:21 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-08-15 22:12:40 . 2012-07-06 20:07:42 552960 ----a-w- C:\windows\system32\drivers\bthport.sys 2012-08-15 15:52:27 . 2012-05-14 05:26:34 956928 ----a-w- C:\windows\system32\localspl.dll 2012-08-15 15:52:25 . 2012-05-05 08:36:55 503808 ----a-w- C:\windows\system32\srcore.dll 2012-08-15 15:52:24 . 2012-05-05 07:46:52 43008 ----a-w- C:\windows\SysWow64\srclient.dll 2012-08-15 15:52:17 . 2012-02-11 06:43:47 751104 ----a-w- C:\windows\system32\win32spl.dll 2012-08-15 15:52:16 . 2012-02-11 06:36:02 559104 ----a-w- C:\windows\system32\spoolsv.exe 2012-08-15 15:52:16 . 2012-02-11 06:36:01 67072 ----a-w- C:\windows\splwow64.exe 2012-08-15 15:52:16 . 2012-02-11 05:43:49 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2012-08-15 15:52:13 . 2012-07-04 22:13:27 59392 ----a-w- C:\windows\system32\browcli.dll 2012-08-15 15:52:13 . 2012-07-04 22:13:27 136704 ----a-w- C:\windows\system32\browser.dll 2012-08-15 15:52:12 . 2012-07-04 22:16:43 73216 ----a-w- C:\windows\system32\netapi32.dll 2012-08-15 15:52:12 . 2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll 2012-08-15 15:52:07 . 
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\system32\win32k.sys 2012-08-15 15:51:05 . 2012-06-29 10:04:29 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0A7F8CF-61C5-467C-81FD-FE7742E58FC9}\mpengine.dll 2012-08-12 09:44:49 . 2012-08-12 09:44:49 -------- d-----w- C:\found.001 2012-08-11 23:03:07 . 2012-08-11 23:03:08 -------- d-----w- C:\Users\Conor\AppData\Local\blekkotb 2012-08-11 09:54:13 . 2012-08-12 10:07:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-08-11 09:54:13 . 2012-08-12 09:31:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-08-10 20:47:12 . 2012-08-12 10:07:21 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-08-10 20:46:55 . 2012-08-12 10:07:14 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-08-09 22:20:11 . 2012-08-12 10:07:14 -------- d-----w- C:\Program Files\CCleaner 2012-08-09 21:19:53 . 2012-08-12 15:33:58 -------- d-----w- C:\Users\Conor\AppData\Roaming\Auslogics 2012-08-09 21:19:27 . 2012-08-12 15:34:53 -------- d-----w- C:\Program Files (x86)\Auslogics 2012-08-05 21:01:53 . 2012-08-09 21:20:59 -------- d-----w- C:\Users\Conor\Tracing 2012-08-05 20:46:59 . 2012-08-12 10:07:22 -------- d-----w- C:\Program Files (x86)\FileHippo.com 2012-08-01 22:05:00 . 2012-08-15 21:59:35 62134624 ----a-w- C:\windows\system32\MRT.exe 2012-08-01 21:57:59 . 2012-08-01 21:57:59 388096 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 21:57:58 . 2012-08-12 09:59:19 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-08-01 14:18:23 . 2012-08-01 14:18:23 203576 ----a-w- C:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18:22 . 2012-08-01 14:18:22 124688 ----a-w- C:\windows\SysWow64\mswinsck.ocx 2012-08-01 14:06:51 . 2012-08-01 14:06:53 447 ----a-w- C:\user.js 2012-08-01 14:06:06 . 
2012-08-01 14:08:32 -------- d-----w- C:\Program Files (x86)\1ClickDownload 2012-08-01 13:10:12 . 2012-08-12 10:07:24 -------- d-----w- C:\Program Files (x86)\smartdl 2012-07-31 18:51:18 . 2012-07-31 18:51:18 -------- d-----w- C:\ProgramData\TomTom 2012-07-30 20:46:19 . 2012-08-12 10:06:01 -------- d-----w- C:\Users\Conor\AppData\Roaming\TomTom 2012-07-30 20:46:19 . 2012-08-12 10:05:42 -------- d-----w- C:\Users\Conor\AppData\Local\TomTom 2012-07-30 20:45:24 . 2012-08-12 10:07:24 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2 2012-07-30 20:43:28 . 2012-08-12 09:59:19 -------- d-----w- C:\Program Files (x86)\TomTom International B.V 2012-07-27 21:39:55 . 2012-07-27 21:39:57 -------- d-----w- C:\Users\Default\AppData\Local\Trusteer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-08-05 20:56:03 . 2011-11-27 21:40:04 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-29 19:52:38 . 2012-07-05 11:05:08 101688 ----a-w- C:\windows\system32\drivers\RapportKE64.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:34 355856 ----a-w- C:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:32 958400 ----a-w- C:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:32 59728 ----a-w- C:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:32 54072 ----a-w- C:\windows\system32\drivers\aswRdr2.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:31 71064 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21:51 . 2012-05-03 13:07:34 25232 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21:32 . 2012-05-03 13:06:30 41224 ----a-w- C:\windows\avastSS.scr 2012-07-03 16:21:28 . 2012-05-03 13:06:28 227648 ----a-w- C:\windows\SysWow64\aswBoot.exe 2012-07-03 16:21:18 . 2012-05-03 13:07:31 285328 ----a-w- C:\windows\system32\aswBoot.exe 2012-07-03 12:46:44 . 
2012-05-03 13:03:09 24904 ----a-w- C:\windows\system32\drivers\mbam.sys 2012-06-22 15:32:30 . 2012-07-05 23:25:20 405144 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-20 12:39:34 . 2012-06-20 12:39:44 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-19 15:02:05 . 2012-06-19 15:02:05 53248 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe 2012-06-09 05:43:10 . 2012-07-11 13:04:53 14172672 ----a-w- C:\windows\system32\shell32.dll 2012-06-06 06:06:16 . 2012-07-11 13:05:01 2004480 ----a-w- C:\windows\system32\msxml6.dll 2012-06-06 06:06:16 . 2012-07-11 13:04:59 1881600 ----a-w- C:\windows\system32\msxml3.dll 2012-06-06 06:02:54 . 2012-07-11 13:04:23 1133568 ----a-w- C:\windows\system32\cdosys.dll 2012-06-06 05:05:52 . 2012-07-11 13:05:01 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 . 2012-07-11 13:04:59 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 . 2012-07-11 13:04:27 805376 ----a-w- C:\windows\SysWow64\cdosys.dll 2012-06-02 22:19:46 . 2012-06-26 23:01:10 38424 ----a-w- C:\windows\system32\wups.dll 2012-06-02 22:19:43 . 2012-06-26 23:01:22 2428952 ----a-w- C:\windows\system32\wuaueng.dll 2012-06-02 22:19:42 . 2012-06-26 23:01:23 57880 ----a-w- C:\windows\system32\wuauclt.exe 2012-06-02 22:19:42 . 2012-06-26 23:01:23 44056 ----a-w- C:\windows\system32\wups2.dll 2012-06-02 22:19:23 . 2012-06-26 23:01:10 701976 ----a-w- C:\windows\system32\wuapi.dll 2012-06-02 22:15:31 . 2012-06-26 23:01:23 2622464 ----a-w- C:\windows\system32\wucltux.dll 2012-06-02 22:15:08 . 2012-06-26 23:01:10 99840 ----a-w- C:\windows\system32\wudriver.dll 2012-06-02 14:19:42 . 2012-06-26 23:00:53 186752 ----a-w- C:\windows\system32\wuwebv.dll 2012-06-02 14:15:12 . 2012-06-26 23:00:53 36864 ----a-w- C:\windows\system32\wuapp.exe 2012-06-02 05:50:10 . 
2012-07-11 13:04:45 458704 ----a-w- C:\windows\system32\drivers\cng.sys 2012-06-02 05:48:16 . 2012-07-11 13:04:44 151920 ----a-w- C:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48:16 . 2012-07-11 13:04:43 95600 ----a-w- C:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45:31 . 2012-07-11 13:04:44 340992 ----a-w- C:\windows\system32\schannel.dll 2012-06-02 05:44:21 . 2012-07-11 13:04:44 307200 ----a-w- C:\windows\system32\ncrypt.dll 2012-06-02 04:40:42 . 2012-07-11 13:04:43 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:40:39 . 2012-07-11 13:04:43 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:39:10 . 2012-07-11 13:04:44 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 . 2012-07-11 13:04:42 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2012-05-31 11:25:12 . 2010-11-21 03:27:21 279656 ------w- C:\windows\system32\MpSigStub.exe ((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.22.13 ))))))))))))))))))))))))))))))))))))))))) + 2012-08-15 15:52:12 . 2012-07-04 21:16:56 57344 C:\windows\SysWOW64\netapi32.dll + 2012-08-15 22:09:43 . 2012-06-29 00:01:01 73216 C:\windows\SysWOW64\mshtmled.dll - 2012-07-15 15:24:06 . 2012-06-02 08:17:15 73216 C:\windows\SysWOW64\mshtmled.dll - 2012-07-15 15:23:23 . 2012-06-02 08:22:01 66048 C:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-08-15 22:09:20 . 2012-06-29 00:06:11 66048 C:\windows\SysWOW64\migration\WininetPlugin.dll + 2012-08-15 22:09:21 . 2012-06-29 00:06:02 65024 C:\windows\SysWOW64\jsproxy.dll - 2012-07-15 15:23:26 . 2012-06-02 08:21:51 65024 C:\windows\SysWOW64\jsproxy.dll + 2009-07-14 04:54:17 . 2012-08-19 11:23:01 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54:17 . 2012-08-13 20:37:29 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-08-05 21:14:44 . 
2012-08-19 11:23:01 32768 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-08-05 21:14:44 . 2012-08-13 20:37:29 32768 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54:17 . 2012-08-13 20:37:29 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54:17 . 2012-08-19 11:23:01 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09:11 . 2012-08-19 11:24:46 53632 C:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10:35 . 2012-08-19 11:24:47 54662 C:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-03-11 14:21:56 . 2012-08-19 11:24:47 13844 C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3498985405-2854093996-1078918590-1002_UserData.bin - 2012-07-15 15:24:06 . 2012-06-02 11:57:36 96768 C:\windows\system32\mshtmled.dll + 2012-08-15 22:09:43 . 2012-06-29 03:40:11 96768 C:\windows\system32\mshtmled.dll - 2012-07-15 15:23:43 . 2012-06-02 12:03:12 86528 C:\windows\system32\migration\WininetPlugin.dll + 2012-08-15 22:09:21 . 2012-06-29 03:46:03 86528 C:\windows\system32\migration\WininetPlugin.dll - 2012-07-15 15:23:49 . 2012-06-02 12:03:00 85504 C:\windows\system32\jsproxy.dll + 2012-08-15 22:09:24 . 2012-06-29 03:45:55 85504 C:\windows\system32\jsproxy.dll - 2009-07-14 05:30:40 . 2012-06-19 18:31:52 86016 C:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30:40 . 2012-08-16 03:58:27 86016 C:\windows\system32\DriverStore\infpub.dat + 2011-11-27 21:27:39 . 2011-04-28 03:54:56 80384 C:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS + 2009-07-14 00:06:53 . 
2009-07-14 00:06:53 41984 C:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys - 2009-07-14 04:46:26 . 2012-08-05 21:23:43 99680 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 04:46:26 . 2012-08-17 13:27:19 99680 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2012-03-11 14:47:57 . 2012-07-15 15:26:55 34144 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:38 34144 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:38 42848 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:55 42848 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:38 19296 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:54 19296 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2012-08-13 20:37:23 . 2012-08-13 20:37:23 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-19 11:22:55 . 2012-08-19 11:22:55 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-13 20:37:23 . 2012-08-13 20:37:23 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-19 11:22:55 . 2012-08-19 11:22:55 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-15 15:24:04 . 2012-06-02 08:23:26 231936 C:\windows\SysWOW64\url.dll + 2012-08-15 22:09:39 . 2012-06-29 00:07:44 231936 C:\windows\SysWOW64\url.dll + 2012-08-15 22:09:23 . 2012-06-29 00:04:02 717824 C:\windows\SysWOW64\jscript.dll + 2012-08-15 22:09:33 . 2012-06-29 00:04:43 142848 C:\windows\SysWOW64\ieUnatt.exe - 2012-07-15 15:23:56 . 
2012-06-02 08:20:33 142848 C:\windows\SysWOW64\ieUnatt.exe - 2012-07-15 15:23:57 . 2012-06-02 08:14:19 176640 C:\windows\SysWOW64\ieui.dll + 2012-08-15 22:09:34 . 2012-06-28 23:57:46 176640 C:\windows\SysWOW64\ieui.dll + 2012-03-16 21:51:39 . 2012-08-15 14:43:58 283220 C:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2012-03-11 16:05:28 . 2012-08-19 12:02:46 258390 C:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2012-08-15 22:09:39 . 2012-06-29 03:47:35 237056 C:\windows\system32\url.dll - 2012-07-15 15:24:03 . 2012-06-02 12:04:25 237056 C:\windows\system32\url.dll - 2009-07-14 02:36:59 . 2012-08-12 17:32:37 664780 C:\windows\system32\perfh009.dat + 2009-07-14 02:36:59 . 2012-08-19 12:05:25 664780 C:\windows\system32\perfh009.dat + 2009-07-14 02:36:59 . 2012-08-19 12:05:25 125484 C:\windows\system32\perfc009.dat - 2009-07-14 02:36:59 . 2012-08-12 17:32:37 125484 C:\windows\system32\perfc009.dat + 2012-08-15 22:09:21 . 2012-06-29 03:44:51 816640 C:\windows\system32\jscript.dll - 2012-07-15 15:23:56 . 2012-06-02 12:01:40 173056 C:\windows\system32\ieUnatt.exe + 2012-08-15 22:09:33 . 2012-06-29 03:43:49 173056 C:\windows\system32\ieUnatt.exe + 2012-08-15 22:09:33 . 2012-06-29 03:35:21 248320 C:\windows\system32\ieui.dll - 2012-07-15 15:23:57 . 2012-06-02 11:54:06 248320 C:\windows\system32\ieui.dll - 2009-07-14 04:45:34 . 2012-07-16 05:27:12 460056 C:\windows\system32\FNTCACHE.DAT + 2009-07-14 04:45:34 . 2012-08-16 04:00:31 460056 C:\windows\system32\FNTCACHE.DAT - 2009-07-14 05:30:40 . 2012-06-19 18:31:52 143360 C:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30:40 . 2012-08-16 03:58:27 143360 C:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30:40 . 2012-06-19 15:10:18 143360 C:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30:40 . 2012-08-16 03:58:27 143360 C:\windows\system32\DriverStore\infstor.dat + 2010-11-21 03:23:47 . 
2010-11-21 03:23:47 229376 C:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe + 2012-08-15 22:12:40 . 2012-07-06 20:07:42 552960 C:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys - 2009-07-14 05:31:42 . 2011-11-27 21:28:23 399360 C:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 05:31:42 . 2012-08-16 03:58:27 399360 C:\windows\system32\DriverStore\drvindex.dat + 2009-07-14 05:01:48 . 2012-08-19 11:22:03 424952 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-03-11 14:47:57 . 2012-07-15 15:26:54 415584 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:38 415584 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:55 303456 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:40 303456 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:52 571232 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:38 571232 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:40 326496 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:55 326496 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:55 469856 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:39 469856 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:39 178528 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe - 2012-03-11 14:47:57 . 
2012-07-15 15:26:55 178528 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe - 2012-07-15 15:23:52 . 2012-06-02 08:25:08 1129472 C:\windows\SysWOW64\wininet.dll + 2012-08-15 22:09:27 . 2012-06-29 00:09:01 1129472 C:\windows\SysWOW64\wininet.dll + 2012-08-15 22:09:36 . 2012-06-29 00:09:32 1103872 C:\windows\SysWOW64\urlmon.dll - 2012-07-15 15:24:01 . 2012-06-02 08:26:05 1103872 C:\windows\SysWOW64\urlmon.dll + 2012-08-15 22:09:24 . 2012-06-29 00:16:58 1800704 C:\windows\SysWOW64\jscript9.dll - 2012-07-15 15:23:59 . 2012-06-02 08:19:19 1793024 C:\windows\SysWOW64\iertutil.dll + 2012-08-15 22:09:37 . 2012-06-29 00:01:33 1793024 C:\windows\SysWOW64\iertutil.dll + 2012-08-15 22:09:04 . 2012-06-29 00:27:10 9737728 C:\windows\SysWOW64\ieframe.dll - 2012-07-15 15:22:58 . 2012-06-02 08:43:51 9737728 C:\windows\SysWOW64\ieframe.dll - 2012-07-15 15:23:49 . 2012-06-02 12:05:28 1392128 C:\windows\system32\wininet.dll + 2012-08-15 22:09:25 . 2012-06-29 03:49:11 1392128 C:\windows\system32\wininet.dll + 2012-08-15 22:09:36 . 2012-06-29 03:49:57 1346048 C:\windows\system32\urlmon.dll - 2012-07-15 15:24:01 . 2012-06-02 12:05:54 1346048 C:\windows\system32\urlmon.dll + 2012-08-15 22:09:28 . 2012-06-29 03:56:34 2312704 C:\windows\system32\jscript9.dll - 2012-07-15 15:24:00 . 2012-06-02 11:59:47 2144768 C:\windows\system32\iertutil.dll + 2012-08-15 22:09:39 . 2012-06-29 03:42:23 2144768 C:\windows\system32\iertutil.dll + 2009-07-14 04:45:55 . 2012-08-16 04:05:55 7294260 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45:55 . 2012-07-16 05:33:35 7294260 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-05-02 23:39:24 . 2012-08-19 11:22:03 2112192 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-03-11 16:37:21 . 
2012-08-19 11:22:03 2438800 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-12288.dat + 2012-07-19 01:45:30 . 2012-07-19 01:45:30 3464704 C:\windows\Installer\164ce9f.msp - 2012-03-11 14:47:56 . 2012-07-15 15:26:51 1479520 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2012-03-11 14:47:56 . 2012-08-15 22:11:37 1479520 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:38 1858400 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:54 1858400 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2012-03-11 14:47:56 . 2012-07-15 15:26:52 3792736 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2012-03-11 14:47:56 . 2012-08-15 22:11:38 3792736 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2012-03-11 14:47:57 . 2012-08-15 22:11:39 1449312 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2012-03-11 14:47:57 . 2012-07-15 15:26:55 1449312 C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2012-08-15 22:09:16 . 2012-06-29 00:52:30 12317184 C:\windows\SysWOW64\mshtml.dll + 2009-07-14 02:34:08 . 2012-08-16 03:59:07 10485760 C:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34:08 . 2012-07-16 05:25:44 10485760 C:\windows\system32\SMI\Store\Machine\schema.dat + 2012-08-15 22:09:11 . 2012-06-29 04:55:23 17809920 C:\windows\system32\mshtml.dll + 2012-08-15 22:09:05 . 2012-06-29 04:09:35 10925568 C:\windows\system32\ieframe.dll + 2012-03-11 16:37:19 . 
2012-08-19 11:22:03 12599256 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-8192.dat -- Snapshot reset to current date -- ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 11:06:06 932528] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 16:39:14 503942] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 06:58:58 336384] "RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 11:33:58 240112] "Desktop Disc Tool"="c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 16:35:34 514544] "NeroLauncher"="C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 17:26:08 66872] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 03:02:24 35736] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 03:02:22 932288] "AccuWeatherWidget"="C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 00:18:16 885760] "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 17:22:24 91520] "RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 01:00:44 90448] "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 10:18:54 1185112] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" [2012-02-20 21:28:32 59240] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 19:05:34 421736] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-07-03 16:21:30 4273976] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 10:07:54 252296] C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe [2012-3-11 576000] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 10:28:06 193816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07:37 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 11:34:18 219632] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 08:50:48 158856] R3 GamesAppService;GamesAppService;C:\Program 
Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072] R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07:37 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 17:51:12 30963576] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:34:24 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 19:04:32 25072] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 11:33:18 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 00:11:42 250984] R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232] R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 11:01:50 52736] R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 17:18:31 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184] S0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 22:08:24 79488] S0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 22:08:26 40064] S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 09:00:00 55856] S0 RapportKE64;RapportKE64;C:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 19:52:38 101688] S1 aswSnx;aswSnx; [x] 
S1 aswSP;aswSP; [x] S1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-12 17:30:21 397720] S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 19:52:40 55096] S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 19:52:38 297240] S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 10:42:58 89600] S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2011-08-06 07:44:20 204288] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 07:14:06 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 16:21:52 71064] S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 15:32:36 687400] S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 19:52:22 976728] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 15:05:46 1692480] S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 04:01:58 92632] S3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 15:18:24 46136] S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys [2011-08-06 11:33:18 9361408] S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys [2011-08-06 07:01:50 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys [2011-03-30 22:46:46 114704] S3 BBUpdate;BBUpdate;C:\Program Files 
(x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 10:28:06 240408] S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 22:39:50 349736] S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 22:39:52 39464] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 17:20:46 176096] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 06:55:28 533096] S3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 12:50:38 44672] Contents of the 'Scheduled Tasks' folder 2012-08-19 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:08:00 . 2012-05-03 13:07:37] 2012-08-19 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:08:00 . 2012-05-03 13:07:37] 2012-08-14 C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11:58 . 2012-04-13 06:11:58] 2012-08-19 C:\windows\Tasks\SystemToolsDailyTest.job - C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11:58 . 
2012-04-13 06:11:58] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21:16 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2011-03-29 20:50:34 608112] "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2011-05-27 19:06:16 1128448] "Stage Remote"="C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 01:26:30 2022976] "DellStage"="C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 00:17:36 2055016] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 02:50:00 2726728] ------- Supplementary Scan ------- uStart Page = uLocal Page = C:\windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk
-
Here you go: ComboFix 12-08-13.01 - Conor 15/08/2012 19:54:02.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2096 [GMT 1:00] Running from: C:\Users\Conor\Desktop\ComboFix.exe Command switches used :: C:\Users\Conor\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 ))))))))))))))))))))))))))))))) 2012-08-15 19:13:32 . 2012-08-15 19:13:32 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-08-15 15:51:05 . 2012-06-29 10:04:29 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0A7F8CF-61C5-467C-81FD-FE7742E58FC9}\mpengine.dll 2012-08-12 09:44:49 . 2012-08-12 09:44:49 -------- d-----w- C:\found.001 2012-08-11 23:03:07 . 2012-08-11 23:03:08 -------- d-----w- C:\Users\Conor\AppData\Local\blekkotb 2012-08-11 09:54:13 . 2012-08-12 10:07:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-08-11 09:54:13 . 2012-08-12 09:31:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-08-10 20:47:12 . 2012-08-12 10:07:21 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-08-10 20:46:55 . 2012-08-12 10:07:14 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-08-09 22:20:11 . 2012-08-12 10:07:14 -------- d-----w- C:\Program Files\CCleaner 2012-08-09 21:19:53 . 2012-08-12 15:33:58 -------- d-----w- C:\Users\Conor\AppData\Roaming\Auslogics 2012-08-09 21:19:27 . 2012-08-12 15:34:53 -------- d-----w- C:\Program Files (x86)\Auslogics 2012-08-05 21:01:53 . 2012-08-09 21:20:59 -------- d-----w- C:\Users\Conor\Tracing 2012-08-05 20:57:35 . 2012-08-12 10:09:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-08-05 20:46:59 . 
2012-08-12 10:07:22 -------- d-----w- C:\Program Files (x86)\FileHippo.com 2012-08-01 22:05:00 . 2012-07-03 02:19:22 59701280 ----a-w- C:\windows\system32\MRT.exe 2012-08-01 21:57:59 . 2012-08-01 21:57:59 388096 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 21:57:58 . 2012-08-12 09:59:19 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-08-01 14:18:23 . 2012-08-01 14:18:23 203576 ----a-w- C:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18:22 . 2012-08-01 14:18:22 124688 ----a-w- C:\windows\SysWow64\mswinsck.ocx 2012-08-01 14:06:51 . 2012-08-01 14:06:53 447 ----a-w- C:\user.js 2012-08-01 14:06:06 . 2012-08-01 14:08:32 -------- d-----w- C:\Program Files (x86)\1ClickDownload 2012-08-01 13:10:12 . 2012-08-12 10:07:24 -------- d-----w- C:\Program Files (x86)\smartdl 2012-07-31 18:51:18 . 2012-07-31 18:51:18 -------- d-----w- C:\ProgramData\TomTom 2012-07-30 20:46:19 . 2012-08-12 10:06:01 -------- d-----w- C:\Users\Conor\AppData\Roaming\TomTom 2012-07-30 20:46:19 . 2012-08-12 10:05:42 -------- d-----w- C:\Users\Conor\AppData\Local\TomTom 2012-07-30 20:45:24 . 2012-08-12 10:07:24 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2 2012-07-30 20:43:28 . 2012-08-12 09:59:19 -------- d-----w- C:\Program Files (x86)\TomTom International B.V 2012-07-27 21:39:55 . 2012-07-27 21:39:57 -------- d-----w- C:\Users\Default\AppData\Local\Trusteer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-08-05 20:56:03 . 2011-11-27 21:40:04 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-29 19:52:38 . 2012-07-05 11:05:08 101688 ----a-w- C:\windows\system32\drivers\RapportKE64.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:34 355856 ----a-w- C:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:32 958400 ----a-w- C:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21:52 . 
2012-05-03 13:07:32 59728 ----a-w- C:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:32 54072 ----a-w- C:\windows\system32\drivers\aswRdr2.sys 2012-07-03 16:21:52 . 2012-05-03 13:07:31 71064 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21:51 . 2012-05-03 13:07:34 25232 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21:32 . 2012-05-03 13:06:30 41224 ----a-w- C:\windows\avastSS.scr 2012-07-03 16:21:28 . 2012-05-03 13:06:28 227648 ----a-w- C:\windows\SysWow64\aswBoot.exe 2012-07-03 16:21:18 . 2012-05-03 13:07:31 285328 ----a-w- C:\windows\system32\aswBoot.exe 2012-07-03 12:46:44 . 2012-05-03 13:03:09 24904 ----a-w- C:\windows\system32\drivers\mbam.sys 2012-06-22 15:32:30 . 2012-07-05 23:25:20 405144 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-20 12:39:34 . 2012-06-20 12:39:44 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-19 15:02:05 . 2012-06-19 15:02:05 53248 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe 2012-06-12 03:08:36 . 2012-07-15 15:29:06 3148800 ----a-w- C:\windows\system32\win32k.sys 2012-06-09 05:43:10 . 2012-07-11 13:04:53 14172672 ----a-w- C:\windows\system32\shell32.dll 2012-06-06 06:06:16 . 2012-07-11 13:05:01 2004480 ----a-w- C:\windows\system32\msxml6.dll 2012-06-06 06:06:16 . 2012-07-11 13:04:59 1881600 ----a-w- C:\windows\system32\msxml3.dll 2012-06-06 06:02:54 . 2012-07-11 13:04:23 1133568 ----a-w- C:\windows\system32\cdosys.dll 2012-06-06 05:05:52 . 2012-07-11 13:05:01 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 . 2012-07-11 13:04:59 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 . 2012-07-11 13:04:27 805376 ----a-w- C:\windows\SysWow64\cdosys.dll 2012-06-02 22:19:46 . 2012-06-26 23:01:10 38424 ----a-w- C:\windows\system32\wups.dll 2012-06-02 22:19:43 . 
2012-06-26 23:01:22 2428952 ----a-w- C:\windows\system32\wuaueng.dll 2012-06-02 22:19:42 . 2012-06-26 23:01:23 57880 ----a-w- C:\windows\system32\wuauclt.exe 2012-06-02 22:19:42 . 2012-06-26 23:01:23 44056 ----a-w- C:\windows\system32\wups2.dll 2012-06-02 22:19:23 . 2012-06-26 23:01:10 701976 ----a-w- C:\windows\system32\wuapi.dll 2012-06-02 22:15:31 . 2012-06-26 23:01:23 2622464 ----a-w- C:\windows\system32\wucltux.dll 2012-06-02 22:15:08 . 2012-06-26 23:01:10 99840 ----a-w- C:\windows\system32\wudriver.dll 2012-06-02 14:19:42 . 2012-06-26 23:00:53 186752 ----a-w- C:\windows\system32\wuwebv.dll 2012-06-02 14:15:12 . 2012-06-26 23:00:53 36864 ----a-w- C:\windows\system32\wuapp.exe 2012-06-02 12:49:39 . 2012-07-15 15:23:05 17807360 ----a-w- C:\windows\system32\mshtml.dll 2012-06-02 12:17:39 . 2012-07-15 15:23:01 10924032 ----a-w- C:\windows\system32\ieframe.dll 2012-06-02 12:12:17 . 2012-07-15 15:23:44 2311680 ----a-w- C:\windows\system32\jscript9.dll 2012-06-02 12:05:54 . 2012-07-15 15:24:01 1346048 ----a-w- C:\windows\system32\urlmon.dll 2012-06-02 12:05:28 . 2012-07-15 15:23:49 1392128 ----a-w- C:\windows\system32\wininet.dll 2012-06-02 12:04:50 . 2012-07-15 15:23:45 1494528 ----a-w- C:\windows\system32\inetcpl.cpl 2012-06-02 12:04:25 . 2012-07-15 15:24:03 237056 ----a-w- C:\windows\system32\url.dll 2012-06-02 12:03:00 . 2012-07-15 15:23:49 85504 ----a-w- C:\windows\system32\jsproxy.dll 2012-06-02 12:01:40 . 2012-07-15 15:23:56 173056 ----a-w- C:\windows\system32\ieUnatt.exe 2012-06-02 12:00:33 . 2012-07-15 15:23:28 818688 ----a-w- C:\windows\system32\jscript.dll 2012-06-02 11:59:47 . 2012-07-15 15:24:00 2144768 ----a-w- C:\windows\system32\iertutil.dll 2012-06-02 11:57:36 . 2012-07-15 15:24:06 96768 ----a-w- C:\windows\system32\mshtmled.dll 2012-06-02 11:57:08 . 2012-07-15 15:24:08 2382848 ----a-w- C:\windows\system32\mshtml.tlb 2012-06-02 11:54:06 . 2012-07-15 15:23:57 248320 ----a-w- C:\windows\system32\ieui.dll 2012-06-02 08:33:25 . 
2012-07-15 15:23:42 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 . 2012-07-15 15:23:52 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-06-02 08:25:03 . 2012-07-15 15:23:47 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 . 2012-07-15 15:23:56 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 . 2012-07-15 15:24:07 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 . 2012-07-11 13:04:45 458704 ----a-w- C:\windows\system32\drivers\cng.sys 2012-06-02 05:48:16 . 2012-07-11 13:04:44 151920 ----a-w- C:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48:16 . 2012-07-11 13:04:43 95600 ----a-w- C:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45:31 . 2012-07-11 13:04:44 340992 ----a-w- C:\windows\system32\schannel.dll 2012-06-02 05:44:21 . 2012-07-11 13:04:44 307200 ----a-w- C:\windows\system32\ncrypt.dll 2012-06-02 04:40:42 . 2012-07-11 13:04:43 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:40:39 . 2012-07-11 13:04:43 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:39:10 . 2012-07-11 13:04:44 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 . 2012-07-11 13:04:42 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2012-05-31 11:25:12 . 2010-11-21 03:27:21 279656 ------w- C:\windows\system32\MpSigStub.exe ((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.22.13 ))))))))))))))))))))))))))))))))))))))))) - 2009-07-14 04:54:17 . 2012-08-13 20:37:29 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54:17 . 2012-08-15 15:41:58 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-08-05 21:14:44 . 2012-08-13 20:37:29 32768 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-08-05 21:14:44 . 
2012-08-15 15:41:58 32768 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54:17 . 2012-08-15 15:41:58 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54:17 . 2012-08-13 20:37:29 16384 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09:11 . 2012-08-15 04:33:22 53552 C:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10:35 . 2012-08-15 15:43:45 54526 C:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-03-11 14:21:56 . 2012-08-15 15:43:46 13092 C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3498985405-2854093996-1078918590-1002_UserData.bin - 2012-08-13 20:37:23 . 2012-08-13 20:37:23 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-15 15:41:53 . 2012-08-15 15:41:53 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-15 15:41:53 . 2012-08-15 15:41:53 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-13 20:37:23 . 2012-08-13 20:37:23 2048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-16 21:51:39 . 2012-08-15 14:43:58 283220 C:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2012-03-11 16:05:28 . 2012-08-15 18:20:06 255954 C:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36:59 . 2012-08-12 17:32:37 664780 C:\windows\system32\perfh009.dat + 2009-07-14 02:36:59 . 2012-08-15 18:41:41 664780 C:\windows\system32\perfh009.dat - 2009-07-14 02:36:59 . 2012-08-12 17:32:37 125484 C:\windows\system32\perfc009.dat + 2009-07-14 02:36:59 . 2012-08-15 18:41:41 125484 C:\windows\system32\perfc009.dat + 2009-07-14 05:01:48 . 
2012-08-15 14:54:22 424464 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01:48 . 2012-08-13 20:36:14 424464 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-05-02 23:39:24 . 2012-08-15 14:54:23 1862096 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2012-05-02 23:39:24 . 2012-08-13 20:36:15 1862096 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-03-11 16:37:19 . 2012-08-15 14:54:22 12174578 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-8192.dat - 2012-03-11 16:37:19 . 2012-08-13 20:36:15 12174578 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-8192.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 23:38:43 5661056] "Spotify Web Helper"="C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 11:06:06 932528] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 16:39:14 503942] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 06:58:58 336384] "RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 11:33:58 240112] "Desktop Disc Tool"="c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 16:35:34 514544] "NeroLauncher"="C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 17:26:08 66872] "Adobe Reader Speed 
Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 03:02:24 35736] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 03:02:22 932288] "AccuWeatherWidget"="C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 00:18:16 885760] "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 17:22:24 91520] "RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 01:00:44 90448] "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 10:18:54 1185112] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 21:28:32 59240] "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 19:05:34 421736] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-07-03 16:21:30 4273976] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 10:07:54 252296] C:\Users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe [2012-3-11 576000] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 10:28:06 193816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07:37 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 11:34:18 219632] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 08:50:48 158856] R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 17:59:12 206072] R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07:37 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 17:51:12 30963576] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:34:24 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 19:04:32 25072] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 11:33:18 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 00:11:42 250984] R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys 
[2010-11-21 03:24:33 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232] R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 11:01:50 52736] R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 17:18:31 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 00:10:10 57184] S0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 22:08:24 79488] S0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 22:08:26 40064] S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 09:00:00 55856] S0 RapportKE64;RapportKE64;C:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 19:52:38 101688] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-12 17:30:21 397720] S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 19:52:40 55096] S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 19:52:38 297240] S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928] S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368] S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904] S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 10:42:58 89600] S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2011-08-06 07:44:20 204288] S2 AMD FUEL Service;AMD FUEL 
Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 07:14:06 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 16:21:52 71064] S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 15:32:36 687400] S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 19:52:22 976728] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 15:05:46 1692480] S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 04:01:58 92632] S3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 15:18:24 46136] S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys [2011-08-06 11:33:18 9361408] S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys [2011-08-06 07:01:50 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys [2011-03-30 22:46:46 114704] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 10:28:06 240408] S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 22:39:50 349736] S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 22:39:52 39464] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 17:20:46 176096] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 06:55:28 533096] S3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 12:50:38 44672] Contents of the 'Scheduled Tasks' folder 2012-08-15 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:08:00 . 
2012-05-03 13:07:37] 2012-08-15 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:08:00 . 2012-05-03 13:07:37] 2012-08-14 C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11:58 . 2012-04-13 06:11:58] 2012-08-15 C:\windows\Tasks\SystemToolsDailyTest.job - C:\Program Files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11:58 . 2012-04-13 06:11:58] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21:16 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2011-03-29 20:50:34 608112] "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2011-05-27 19:06:16 1128448] "Stage Remote"="C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 01:26:30 2022976] "DellStage"="C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 00:17:36 2055016] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 02:50:00 2726728] ------- Supplementary Scan ------- uStart Page = uLocal Page = C:\windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk
-
Here you go: ComboFix 12-08-13.01 - Conor 14/08/2012 17:48:20.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1901 [GMT 1:00] Running from: c:\users\Conor\Desktop\ComboFix.exe Command switches used :: c:\users\Conor\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\boost_interprocess c:\programdata\boost_interprocess\3D16F744E86FCD01\{1832B446-3F6D-4880-99C1-0B3B26170D94} c:\programdata\boost_interprocess\5C2BAABCC36ECD01\{1832B446-3F6D-4880-99C1-0B3B26170D94} . . ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))) . . 2012-08-14 17:54 . 2012-08-14 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-12 16:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47B3DE77-EAE5-4A57-8184-F4320C1C91D7}\mpengine.dll 2012-08-12 09:44 . 2012-08-12 09:44 -------- d-----w- C:\found.001 2012-08-11 23:03 . 2012-08-11 23:03 -------- d-----w- c:\users\Conor\AppData\Local\blekkotb 2012-08-11 09:54 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-08-11 09:54 . 2012-08-12 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-10 20:47 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-08-10 20:46 . 2012-08-12 10:07 -------- d-----w- c:\program files\Microsoft Security Client 2012-08-09 22:20 . 2012-08-12 10:07 -------- d-----w- c:\program files\CCleaner 2012-08-09 21:19 . 2012-08-12 15:33 -------- d-----w- c:\users\Conor\AppData\Roaming\Auslogics 2012-08-09 21:19 . 
2012-08-12 15:34 -------- d-----w- c:\program files (x86)\Auslogics 2012-08-05 21:01 . 2012-08-09 21:20 -------- d-----w- c:\users\Conor\Tracing 2012-08-05 20:57 . 2012-08-12 10:09 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-05 20:46 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\FileHippo.com 2012-08-01 22:05 . 2012-07-03 02:19 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-08-01 21:57 . 2012-08-01 21:57 388096 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 21:57 . 2012-08-12 09:59 -------- d-----w- c:\program files (x86)\Trend Micro 2012-08-01 14:18 . 2012-08-01 14:18 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18 . 2012-08-01 14:18 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx 2012-08-01 14:06 . 2012-08-01 14:06 447 ----a-w- C:\user.js 2012-08-01 14:06 . 2012-08-01 14:08 -------- d-----w- c:\program files (x86)\1ClickDownload 2012-08-01 13:10 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\smartdl 2012-07-31 18:51 . 2012-07-31 18:51 -------- d-----w- c:\programdata\TomTom 2012-07-30 20:46 . 2012-08-12 10:06 -------- d-----w- c:\users\Conor\AppData\Roaming\TomTom 2012-07-30 20:46 . 2012-08-12 10:05 -------- d-----w- c:\users\Conor\AppData\Local\TomTom 2012-07-30 20:45 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\TomTom HOME 2 2012-07-30 20:43 . 2012-08-12 09:59 -------- d-----w- c:\program files (x86)\TomTom International B.V 2012-07-27 21:39 . 2012-07-27 21:39 -------- d-----w- c:\users\Default\AppData\Local\Trusteer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-05 20:56 . 2011-11-27 21:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-29 19:52 . 2012-07-05 11:05 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2012-07-03 16:21 . 
2012-05-03 13:07 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2012-05-03 13:07 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2012-05-03 13:07 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2012-05-03 13:07 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-07-03 16:21 . 2012-05-03 13:07 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2012-05-03 13:07 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2012-05-03 13:06 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2012-05-03 13:06 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-07-03 16:21 . 2012-05-03 13:07 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-03 12:46 . 2012-05-03 13:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-22 15:32 . 2012-07-05 23:25 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-20 12:39 . 2012-06-20 12:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-19 15:02 . 2012-06-19 15:02 53248 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe 2012-06-12 03:08 . 2012-07-15 15:29 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 13:04 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 13:05 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 13:04 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 13:04 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 13:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 13:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 13:04 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 
2012-06-26 23:01 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-26 23:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-26 23:01 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-26 23:01 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-26 23:01 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-26 23:01 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-26 23:01 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-26 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:15 . 2012-06-26 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 12:49 . 2012-07-15 15:23 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-15 15:23 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-15 15:23 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-15 15:24 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-15 15:23 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-15 15:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-15 15:24 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-15 15:23 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-15 15:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-15 15:23 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-15 15:24 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-15 15:24 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-15 15:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-15 15:23 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 
2012-07-15 15:23 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-15 15:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-15 15:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-15 15:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-15 15:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50 . 2012-07-11 13:04 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 13:04 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-11 13:04 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 13:04 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 13:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 13:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 13:04 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 13:04 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 13:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.22.13 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-08-13 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-14 16:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-08-05 21:14 . 2012-08-13 20:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-08-05 21:14 . 2012-08-14 16:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 
2012-08-14 16:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-08-13 20:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-21 03:09 . 2012-08-13 20:39 53442 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2010-11-21 03:09 . 2012-08-14 16:09 53442 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-14 16:09 54310 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-03-11 14:21 . 2012-08-14 16:09 13044 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3498985405-2854093996-1078918590-1002_UserData.bin + 2012-08-14 16:07 . 2012-08-14 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-13 20:37 . 2012-08-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-13 20:37 . 2012-08-13 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-14 16:07 . 2012-08-14 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-08-13 20:36 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-13 22:19 424464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-03-11 16:37 . 2012-08-13 22:19 12174578 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-8192.dat - 2012-03-11 16:37 . 2012-08-13 20:36 12174578 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3498985405-2854093996-1078918590-1002-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056] "Spotify Web Helper"="c:\users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 336384] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . 
c:\users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-11 576000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 
amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-12 397720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-06 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 
2\TomTomHOMEService.exe [2012-06-21 92632] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-06 9361408] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-06 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . Contents of the 'Scheduled Tasks' folder . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . 2012-08-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . ------- Supplementary Scan ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\03\00\0b\0f\06\05?" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-14 19:06:52 ComboFix-quarantined-files.txt 2012-08-14 18:06 ComboFix2.txt 2012-08-13 21:28 . Pre-Run: 419,664,695,296 bytes free Post-Run: 418,989,629,440 bytes free . - - End Of File - - 33B225DCA5D73B8135928C45E9D0B47F
-
Here you go
ComboFix 12-08-13.01 - Conor 13/08/2012 21:52:09.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.2196 [GMT 1:00] Running from: c:\users\Conor\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll . . ((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 ))))))))))))))))))))))))))))))) . . 2012-08-13 21:21 . 2012-08-13 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-13 20:48 . 2012-08-13 20:48 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47B3DE77-EAE5-4A57-8184-F4320C1C91D7}\offreg.dll 2012-08-12 16:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47B3DE77-EAE5-4A57-8184-F4320C1C91D7}\mpengine.dll 2012-08-12 09:44 . 2012-08-12 09:44 -------- d-----w- C:\found.001 2012-08-11 23:03 . 2012-08-11 23:03 -------- d-----w- c:\users\Conor\AppData\Local\blekkotb 2012-08-11 09:54 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-08-11 09:54 . 2012-08-12 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-10 20:47 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-08-10 20:46 . 2012-08-12 10:07 -------- d-----w- c:\program files\Microsoft Security Client 2012-08-09 22:20 . 2012-08-12 10:07 -------- d-----w- c:\program files\CCleaner 2012-08-09 21:19 . 2012-08-12 15:33 -------- d-----w- c:\users\Conor\AppData\Roaming\Auslogics 2012-08-09 21:19 .
2012-08-12 15:34 -------- d-----w- c:\program files (x86)\Auslogics 2012-08-05 21:01 . 2012-08-09 21:20 -------- d-----w- c:\users\Conor\Tracing 2012-08-05 20:57 . 2012-08-12 10:09 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-05 20:46 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\FileHippo.com 2012-08-01 22:05 . 2012-07-03 02:19 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-08-01 21:57 . 2012-08-01 21:57 388096 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 21:57 . 2012-08-12 09:59 -------- d-----w- c:\program files (x86)\Trend Micro 2012-08-01 14:18 . 2012-08-01 14:18 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18 . 2012-08-01 14:18 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx 2012-08-01 14:06 . 2012-08-01 14:06 447 ----a-w- C:\user.js 2012-08-01 14:06 . 2012-08-01 14:08 -------- d-----w- c:\program files (x86)\1ClickDownload 2012-08-01 13:10 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\smartdl 2012-07-31 19:43 . 2012-08-01 13:21 -------- d-----w- c:\programdata\boost_interprocess 2012-07-31 18:51 . 2012-07-31 18:51 -------- d-----w- c:\programdata\TomTom 2012-07-30 20:46 . 2012-08-12 10:06 -------- d-----w- c:\users\Conor\AppData\Roaming\TomTom 2012-07-30 20:46 . 2012-08-12 10:05 -------- d-----w- c:\users\Conor\AppData\Local\TomTom 2012-07-30 20:45 . 2012-08-12 10:07 -------- d-----w- c:\program files (x86)\TomTom HOME 2 2012-07-30 20:43 . 2012-08-12 09:59 -------- d-----w- c:\program files (x86)\TomTom International B.V 2012-07-27 21:39 . 2012-07-27 21:39 -------- d-----w- c:\users\Default\AppData\Local\Trusteer 2012-07-15 15:29 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-05 20:56 . 
2011-11-27 21:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-29 19:52 . 2012-07-05 11:05 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2012-07-03 16:21 . 2012-05-03 13:07 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2012-05-03 13:07 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2012-05-03 13:07 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2012-05-03 13:07 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-07-03 16:21 . 2012-05-03 13:07 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2012-05-03 13:07 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2012-05-03 13:06 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2012-05-03 13:06 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-07-03 16:21 . 2012-05-03 13:07 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-03 12:46 . 2012-05-03 13:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-22 15:32 . 2012-07-05 23:25 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-20 12:39 . 2012-06-20 12:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-19 15:02 . 2012-06-19 15:02 53248 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{9064317A-39C7-40D5-8CF5-04A254747B88}\ARPPRODUCTICON.exe 2012-06-09 05:43 . 2012-07-11 13:04 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 13:05 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 13:04 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 13:04 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 13:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 13:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 
2012-07-11 13:04 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-26 23:01 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-26 23:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-26 23:01 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-26 23:01 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-26 23:01 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-26 23:01 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-26 23:01 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-26 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:15 . 2012-06-26 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 13:04 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 13:04 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-11 13:04 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 13:04 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 13:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 13:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 13:04 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 13:04 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 13:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056] "Spotify Web Helper"="c:\users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-10 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 336384] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . 
c:\users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-11 576000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 
amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-12 397720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-06 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 
2\TomTomHOMEService.exe [2012-06-21 92632] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-06 9361408] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-06 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . 2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 13:07] . 2012-07-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-08-13 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uStart Page = uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQFeVAurz&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 7c4e86d40000000000009439e5ea3a11 FF - user.js: extensions.incredibar_i.instlDay - 15553 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:06 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQFeVAurz FF - user.js: extensions.incredibar_i.upn2n - 92543331108400405 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10658 FF - user.js: extensions.incredibar_i.ppd - . - - - - ORPHANS REMOVED - - - - . AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\03\00\0b\0f\06\05?" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-13 22:28:39 ComboFix-quarantined-files.txt 2012-08-13 21:28 . Pre-Run: 420,603,080,704 bytes free Post-Run: 419,856,719,872 bytes free . - - End Of File - - 66569B4D74B412196F9A79BAF82D96D8
-
Here you are

17:25:58.0632 5544 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 17:26:00.0655 5544 ============================================================ 17:26:00.0655 5544 Current date / time: 2012/08/12 17:26:00.0655 17:26:00.0655 5544 SystemInfo: 17:26:00.0655 5544 17:26:00.0655 5544 OS Version: 6.1.7601 ServicePack: 1.0 17:26:00.0655 5544 Product type: Workstation 17:26:00.0656 5544 ComputerName: CONOR-PC 17:26:00.0656 5544 UserName: Conor 17:26:00.0656 5544 Windows directory: C:\windows 17:26:00.0656 5544 System windows directory: C:\windows 17:26:00.0657 5544 Running under WOW64 17:26:00.0657 5544 Processor architecture: Intel x64 17:26:00.0657 5544 Number of processors: 2 17:26:00.0657 5544 Page size: 0x1000 17:26:00.0657 5544 Boot type: Normal boot 17:26:00.0657 5544 ============================================================ 17:26:02.0222 5544 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:26:02.0319 5544 ============================================================ 17:26:02.0319 5544 \Device\Harddisk0\DR0: 17:26:02.0322 5544 MBR partitions: 17:26:02.0322 5544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000 17:26:02.0322 5544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030 17:26:02.0322 5544 ============================================================ 17:26:02.0363 5544 C: <-> \Device\Harddisk0\DR0\Partition1 17:26:02.0364 5544 ============================================================ 17:26:02.0364 5544 Initialize success 17:26:02.0364 5544 ============================================================ 17:26:34.0136 8080 ============================================================ 17:26:34.0136 8080 Scan started 17:26:34.0137 8080 Mode: Manual; SigCheck; TDLFS; 17:26:34.0137 8080
============================================================ 17:26:34.0724 8080 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 17:26:34.0890 8080 !SASCORE - ok 17:26:35.0121 8080 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 17:26:35.0310 8080 1394ohci - ok 17:26:35.0375 8080 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 17:26:35.0426 8080 ACPI - ok 17:26:35.0473 8080 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 17:26:35.0597 8080 AcpiPmi - ok 17:26:35.0689 8080 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 17:26:35.0751 8080 adp94xx - ok 17:26:35.0837 8080 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 17:26:35.0880 8080 adpahci - ok 17:26:35.0908 8080 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 17:26:35.0949 8080 adpu320 - ok 17:26:35.0993 8080 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 17:26:36.0194 8080 AeLookupSvc - ok 17:26:36.0284 8080 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 17:26:36.0391 8080 AESTFilters - ok 17:26:36.0478 8080 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 17:26:36.0570 8080 AFD - ok 17:26:36.0620 8080 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 17:26:36.0655 8080 agp440 - ok 17:26:36.0710 8080 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 17:26:36.0803 8080 ALG - ok 17:26:36.0834 8080 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 17:26:36.0869 8080 aliide - ok 17:26:36.0911 8080 AMD External Events Utility (7922823ab3210517660712ed01b8a2b5) C:\windows\system32\atiesrxx.exe 17:26:37.0056 8080 AMD External Events Utility - ok 17:26:37.0109 8080 AMD FUEL Service - ok 17:26:37.0158 
8080 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 17:26:37.0192 8080 amdide - ok 17:26:37.0235 8080 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\windows\system32\DRIVERS\amdiox64.sys 17:26:39.0002 8080 amdiox64 - ok 17:26:39.0099 8080 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 17:26:39.0161 8080 AmdK8 - ok 17:26:39.0913 8080 amdkmdag (b3fe665c2d7dde331bb05e0fd2292457) C:\windows\system32\DRIVERS\atikmdag.sys 17:26:40.0287 8080 amdkmdag - ok 17:26:40.0456 8080 amdkmdap (6264a490e9e825185895e8ff290545c8) C:\windows\system32\DRIVERS\atikmpag.sys 17:26:40.0542 8080 amdkmdap - ok 17:26:40.0587 8080 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 17:26:40.0648 8080 AmdPPM - ok 17:26:40.0716 8080 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 17:26:40.0759 8080 amdsata - ok 17:26:40.0812 8080 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 17:26:40.0862 8080 amdsbs - ok 17:26:40.0883 8080 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 17:26:40.0916 8080 amdxata - ok 17:26:40.0947 8080 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\windows\system32\DRIVERS\amd_sata.sys 17:26:40.0979 8080 amd_sata - ok 17:26:40.0997 8080 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\windows\system32\DRIVERS\amd_xata.sys 17:26:41.0029 8080 amd_xata - ok 17:26:41.0104 8080 ApfiltrService (6690e42ced5d067233abad42da141213) C:\windows\system32\DRIVERS\Apfiltr.sys 17:26:41.0158 8080 ApfiltrService - ok 17:26:41.0224 8080 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 17:26:41.0486 8080 AppID - ok 17:26:41.0517 8080 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 17:26:41.0630 8080 AppIDSvc - ok 17:26:41.0679 8080 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 17:26:41.0805 8080 Appinfo - ok 
17:26:41.0900 8080 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:26:41.0943 8080 Apple Mobile Device - ok 17:26:41.0987 8080 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 17:26:42.0038 8080 arc - ok 17:26:42.0065 8080 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 17:26:42.0101 8080 arcsas - ok 17:26:42.0210 8080 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:26:42.0243 8080 aspnet_state - ok 17:26:42.0307 8080 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\windows\system32\drivers\aswFsBlk.sys 17:26:42.0340 8080 aswFsBlk - ok 17:26:42.0385 8080 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\windows\system32\drivers\aswMonFlt.sys 17:26:42.0420 8080 aswMonFlt - ok 17:26:42.0440 8080 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\windows\System32\Drivers\aswrdr2.sys 17:26:42.0474 8080 aswRdr - ok 17:26:42.0566 8080 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\windows\system32\drivers\aswSnx.sys 17:26:42.0647 8080 aswSnx - ok 17:26:42.0695 8080 aswSP (3610ca74a69e380424f0452dec5c1317) C:\windows\system32\drivers\aswSP.sys 17:26:42.0744 8080 aswSP - ok 17:26:42.0775 8080 aswTdi (87de3e31cb0091d22351349869324065) C:\windows\system32\drivers\aswTdi.sys 17:26:42.0809 8080 aswTdi - ok 17:26:42.0866 8080 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 17:26:43.0001 8080 AsyncMac - ok 17:26:43.0052 8080 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 17:26:43.0086 8080 atapi - ok 17:26:43.0172 8080 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\windows\system32\drivers\AtihdW76.sys 17:26:43.0213 8080 AtiHDAudioService - ok 17:26:43.0314 8080 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 17:26:43.0482 8080 AudioEndpointBuilder 
- ok 17:26:43.0496 8080 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 17:26:43.0602 8080 AudioSrv - ok 17:26:43.0691 8080 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 17:26:43.0728 8080 avast! Antivirus - ok 17:26:43.0812 8080 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 17:26:43.0959 8080 AxInstSV - ok 17:26:44.0043 8080 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 17:26:44.0154 8080 b06bdrv - ok 17:26:44.0204 8080 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 17:26:44.0331 8080 b57nd60a - ok 17:26:44.0524 8080 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 17:26:44.0581 8080 BBSvc - ok 17:26:44.0642 8080 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 17:26:44.0686 8080 BBUpdate - ok 17:26:45.0072 8080 BCM43XX (783f1c7ed6b39454a8d1028d4f30768d) C:\windows\system32\DRIVERS\bcmwl664.sys 17:26:45.0308 8080 BCM43XX - ok 17:26:45.0449 8080 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 17:26:45.0536 8080 BDESVC - ok 17:26:45.0592 8080 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 17:26:45.0708 8080 Beep - ok 17:26:45.0813 8080 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 17:26:45.0929 8080 BFE - ok 17:26:46.0026 8080 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll 17:26:46.0150 8080 BITS - ok 17:26:46.0223 8080 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 17:26:46.0282 8080 blbdrive - ok 17:26:46.0399 8080 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 17:26:46.0456 8080 Bonjour Service - ok 17:26:46.0493 8080 bowser (6c02a83164f5cc0a262f4199f0871cf5) 
C:\windows\system32\DRIVERS\bowser.sys 17:26:46.0563 8080 bowser - ok 17:26:46.0592 8080 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 17:26:46.0652 8080 BrFiltLo - ok 17:26:46.0660 8080 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 17:26:46.0721 8080 BrFiltUp - ok 17:26:46.0760 8080 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 17:26:46.0889 8080 Browser - ok 17:26:46.0935 8080 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 17:26:47.0008 8080 Brserid - ok 17:26:47.0020 8080 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 17:26:47.0084 8080 BrSerWdm - ok 17:26:47.0093 8080 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 17:26:47.0151 8080 BrUsbMdm - ok 17:26:47.0160 8080 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 17:26:47.0211 8080 BrUsbSer - ok 17:26:47.0264 8080 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys 17:26:47.0337 8080 BthEnum - ok 17:26:47.0371 8080 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 17:26:47.0433 8080 BTHMODEM - ok 17:26:47.0475 8080 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys 17:26:47.0542 8080 BthPan - ok 17:26:47.0624 8080 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys 17:26:47.0723 8080 BTHPORT - ok 17:26:47.0780 8080 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 17:26:47.0898 8080 bthserv - ok 17:26:47.0958 8080 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys 17:26:48.0129 8080 BTHUSB - ok 17:26:48.0207 8080 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\windows\system32\DRIVERS\btwampfl.sys 17:26:48.0255 8080 BTWAMPFL - ok 17:26:48.0306 8080 btwaudio 
(f6135859a582a7294ba7a3336e08baa1) C:\windows\system32\drivers\btwaudio.sys 17:26:48.0349 8080 btwaudio - ok 17:26:48.0377 8080 btwavdt (3def2370e414b4e299673558ba171a51) C:\windows\system32\DRIVERS\btwavdt.sys 17:26:48.0413 8080 btwavdt - ok 17:26:48.0612 8080 btwdins (b7dea77ee893806859072274ee8ec8fc) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 17:26:48.0691 8080 btwdins - ok 17:26:48.0745 8080 btwl2cap (9ad0fa253ed531d39fb2d74fe12a5fa9) C:\windows\system32\DRIVERS\btwl2cap.sys 17:26:48.0787 8080 btwl2cap - ok 17:26:48.0821 8080 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\windows\system32\DRIVERS\btwrchid.sys 17:26:48.0853 8080 btwrchid - ok 17:26:48.0883 8080 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 17:26:48.0986 8080 cdfs - ok 17:26:49.0044 8080 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 17:26:49.0123 8080 cdrom - ok 17:26:49.0178 8080 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 17:26:49.0294 8080 CertPropSvc - ok 17:26:49.0325 8080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 17:26:49.0436 8080 circlass - ok 17:26:49.0485 8080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 17:26:49.0539 8080 CLFS - ok 17:26:49.0619 8080 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:26:49.0666 8080 clr_optimization_v2.0.50727_32 - ok 17:26:49.0716 8080 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:26:49.0756 8080 clr_optimization_v2.0.50727_64 - ok 17:26:49.0879 8080 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:26:49.0921 8080 clr_optimization_v4.0.30319_32 - ok 17:26:49.0969 8080 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:26:50.0005 8080 clr_optimization_v4.0.30319_64 - ok 17:26:50.0051 8080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 17:26:50.0100 8080 CmBatt - ok 17:26:50.0131 8080 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 17:26:50.0164 8080 cmdide - ok 17:26:50.0240 8080 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys 17:26:50.0346 8080 CNG - ok 17:26:50.0390 8080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 17:26:50.0425 8080 Compbatt - ok 17:26:50.0462 8080 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 17:26:50.0540 8080 CompositeBus - ok 17:26:50.0555 8080 COMSysApp - ok 17:26:50.0587 8080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 17:26:50.0621 8080 crcdisk - ok 17:26:50.0712 8080 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll 17:26:50.0772 8080 CryptSvc - ok 17:26:50.0836 8080 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys 17:26:50.0918 8080 CtClsFlt - ok 17:26:51.0021 8080 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 17:26:51.0157 8080 DcomLaunch - ok 17:26:51.0197 8080 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 17:26:51.0384 8080 defragsvc - ok 17:26:51.0416 8080 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 17:26:51.0516 8080 DfsC - ok 17:26:51.0578 8080 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 17:26:51.0690 8080 Dhcp - ok 17:26:51.0722 8080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 17:26:51.0825 8080 discache - ok 17:26:51.0870 8080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 17:26:51.0905 8080 Disk - ok 
17:27:33.0281 8080 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 17:27:33.0385 8080 VgaSave - ok 17:27:33.0435 8080 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 17:27:33.0477 8080 vhdmp - ok 17:27:33.0491 8080 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 17:27:33.0529 8080 viaide - ok 17:27:33.0554 8080 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 17:27:33.0591 8080 volmgr - ok 17:27:33.0644 8080 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 17:27:33.0700 8080 volmgrx - ok 17:27:33.0764 8080 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 17:27:33.0829 8080 volsnap - ok 17:27:33.0875 8080 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 17:27:33.0922 8080 vsmraid - ok 17:27:34.0097 8080 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 17:27:34.0265 8080 VSS - ok 17:27:34.0382 8080 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 17:27:34.0442 8080 vwifibus - ok 17:27:34.0473 8080 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 17:27:34.0524 8080 vwififlt - ok 17:27:34.0593 8080 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 17:27:34.0704 8080 W32Time - ok 17:27:34.0728 8080 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 17:27:34.0786 8080 WacomPen - ok 17:27:34.0828 8080 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 17:27:34.0931 8080 WANARP - ok 17:27:34.0939 8080 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 17:27:35.0022 8080 Wanarpv6 - ok 17:27:35.0190 8080 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 17:27:35.0279 8080 WatAdminSvc - ok 17:27:35.0415 
8080 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 17:27:35.0541 8080 wbengine - ok 17:27:35.0662 8080 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 17:27:35.0747 8080 WbioSrvc - ok 17:27:35.0785 8080 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 17:27:35.0865 8080 wcncsvc - ok 17:27:35.0894 8080 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 17:27:35.0955 8080 WcsPlugInService - ok 17:27:36.0019 8080 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 17:27:36.0069 8080 Wd - ok 17:27:36.0152 8080 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 17:27:36.0234 8080 Wdf01000 - ok 17:27:36.0256 8080 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 17:27:36.0422 8080 WdiServiceHost - ok 17:27:36.0430 8080 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 17:27:36.0491 8080 WdiSystemHost - ok 17:27:36.0540 8080 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 17:27:36.0628 8080 WebClient - ok 17:27:36.0672 8080 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 17:27:36.0795 8080 Wecsvc - ok 17:27:36.0834 8080 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 17:27:36.0945 8080 wercplsupport - ok 17:27:36.0977 8080 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 17:27:37.0078 8080 WerSvc - ok 17:27:37.0155 8080 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 17:27:37.0242 8080 WfpLwf - ok 17:27:37.0305 8080 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys 17:27:37.0365 8080 WimFltr - ok 17:27:37.0393 8080 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 17:27:37.0427 8080 WIMMount - ok 17:27:37.0449 8080 WinDefend 
- ok 17:27:37.0475 8080 WinHttpAutoProxySvc - ok 17:27:37.0555 8080 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 17:27:37.0643 8080 Winmgmt - ok 17:27:37.0826 8080 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 17:27:38.0000 8080 WinRM - ok 17:27:38.0172 8080 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 17:27:38.0233 8080 WinUsb - ok 17:27:38.0348 8080 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 17:27:38.0455 8080 Wlansvc - ok 17:27:38.0544 8080 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 17:27:38.0588 8080 wlcrasvc - ok 17:27:38.0845 8080 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:27:38.0970 8080 wlidsvc - ok 17:27:39.0125 8080 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys 17:27:39.0188 8080 WmiAcpi - ok 17:27:39.0270 8080 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 17:27:39.0340 8080 wmiApSrv - ok 17:27:39.0397 8080 WMPNetworkSvc - ok 17:27:39.0445 8080 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 17:27:39.0504 8080 WPCSvc - ok 17:27:39.0535 8080 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 17:27:39.0598 8080 WPDBusEnum - ok 17:27:39.0629 8080 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 17:27:39.0713 8080 ws2ifsl - ok 17:27:39.0737 8080 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll 17:27:39.0812 8080 wscsvc - ok 17:27:39.0828 8080 WSearch - ok 17:27:40.0063 8080 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll 17:27:40.0165 8080 wuauserv - ok 17:27:40.0299 8080 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 17:27:40.0404 8080 WudfPf - ok 17:27:40.0454 8080 
WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 17:27:40.0569 8080 WUDFRd - ok 17:27:40.0618 8080 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 17:27:40.0736 8080 wudfsvc - ok 17:27:40.0770 8080 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 17:27:40.0856 8080 WwanSvc - ok 17:27:40.0938 8080 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:27:41.0469 8080 \Device\Harddisk0\DR0 - ok 17:27:41.0477 8080 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0 17:27:41.0480 8080 \Device\Harddisk0\DR0\Partition0 - ok 17:27:41.0515 8080 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1 17:27:41.0520 8080 \Device\Harddisk0\DR0\Partition1 - ok 17:27:41.0521 8080 ============================================================ 17:27:41.0521 8080 Scan finished 17:27:41.0521 8080 ============================================================ 17:27:41.0550 7144 Detected object count: 0 17:27:41.0550 7144 Actual detected object count: 0 17:27:53.0634 5284 Deinitialize success
-
Thank you, logs are below:

MiniToolBox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Conor (administrator) on 12-08-2012 at 16:47:29
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
(Version: 2.9.0) TomTom HOME Visual Studio Merge Modules (Version: 1.0.2) Unity Web Player (Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95) VLC media player 2.0.3 (Version: 2.0.3) VoiceOver Kit (Version: 1.42.128.0) Vuze (Version: 4.7) Wedding Dash - Ready, Aim, Love! (Version: 2.2.0.95) WIDCOMM Bluetooth Software (Version: 6.3.0.7600) WildTangent Games (Version: 1.0.2.5) WildTangent Games App (Dell Games) (Version: 4.0.5.2) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) 
Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Zinio Reader 4 (Version: 4.2.4164) Zuma Deluxe (Version: 2.2.0.95) ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 57% Total physical RAM: 3692.02 MB Available physical RAM: 1560.07 MB Total Pagefile: 7382.23 MB Available Pagefile: 4422.83 MB Total Virtual: 4095.88 MB Available Virtual: 3978.14 MB ========================= Partitions: ===================================== 1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:391.94 GB) NTFS ========================= Users: ======================================== User accounts for \\CONOR-PC Administrator Conor Guest ========================= Minidump Files ================================== No minidump file found **** End of log **** Farbar Service Scanner log Farbar Service Scanner Version: 06-08-2012 Ran by Conor (administrator) on 12-08-2012 at 16:50:16 Running from "C:\Users\Conor\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Attempt to access Google.com returned error: Other errors Yahoo IP is accessible. Yahoo.com is accessible. 
Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
-
EDIT: Not sure what happened earlier but I did a system restore and it's back to normal. Updated logs are below:

1. Spam Free Search Bar uninstalled:

2. Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Conor :: CONOR-PC [administrator]

12/08/2012 11:15:58
mbam-log-2012-08-12 (11-15-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194941
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

3.
aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 11:23:53
-----------------------------
11:23:53.777 OS Version: Windows x64 6.1.7601 Service Pack 1
11:23:53.777 Number of processors: 2 586 0x200
11:23:53.780 ComputerName: CONOR-PC UserName: Conor
11:23:57.802 Initialize success
11:23:58.919 AVAST engine defs: 12081200
11:24:01.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
11:24:01.979 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 11
11:24:02.000 Disk 0 MBR read successfully
11:24:02.005 Disk 0 MBR scan
11:24:02.012 Disk 0 Windows 7 default MBR code
11:24:02.021 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
11:24:02.038 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
11:24:02.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
11:24:02.105 Disk 0 scanning C:\windows\system32\drivers
11:24:11.735 Service scanning
11:24:37.728 Modules scanning
11:24:37.755 Disk 0 trace - called modules:
11:24:37.777 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
11:24:37.789 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045a1410]
11:24:37.800 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004103040]
11:24:37.812 5 amd_xata.sys[fffff8800117ab3f] -> nt!IofCallDriver -> \Device\00000070[0xfffffa80040ff930]
11:24:39.492 AVAST engine scan C:\windows
11:24:43.422 AVAST engine scan C:\windows\system32
11:29:07.804 AVAST engine scan C:\windows\system32\drivers
11:29:23.257 AVAST engine scan C:\Users\Conor
11:39:06.628 AVAST engine scan C:\ProgramData
11:41:59.116 Scan finished successfully
11:42:22.101 Disk 0 MBR has been saved successfully to "C:\Users\Conor\Desktop\MBR.dat"
11:42:22.125 The log file has been saved successfully to "C:\Users\Conor\Desktop\aswMBR.txt"

4.
A fresh DDS log: DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by Conor at 11:43:26 on 2012-08-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1547 [GMT 1:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\atieclxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\system32\conhost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files\DellTPad\Apntex.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\splwow64.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Nero\Update\NASvc.exe 
C:\windows\System32\svchost.exe -k secsvcs C:\windows\SysWOW64\RunDll32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\system32\SearchFilterHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [bCSSync] "C:\Program Files (x86)\Microsoft 
Office\Office14\BCSSync.exe" /DelayServices mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Conor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : DhcpNameServer = 10.14.72.10 10.11.73.10 143.52.2.91 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D27455543545 : DhcpNameServer = 10.14.72.10 10.11.73.10 143.52.2.91 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\35B4953383737373 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\4514C4B44514C4B4D2145423641403 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL AppInit_DLLs: SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - 
C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO-X64: Canon Easy-WebPrint EX BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [(Default)] mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm AppInit_DLLs-X64: SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . 
================= FIREFOX =================== . FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Conor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQFeVAurz&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 7c4e86d40000000000009439e5ea3a11 FF - user.js: extensions.incredibar_i.instlDay - 15553 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:06:51 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQFeVAurz FF - user.js: extensions.incredibar_i.upn2n - 92543331108400405 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10658 FF - user.js: extensions.incredibar_i.ppd - . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?] R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?] R0 RapportKE64;RapportKE64;C:\windows\system32\Drivers\RapportKE64.sys --> C:\windows\system32\Drivers\RapportKE64.sys [?] R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?] 
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?] R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-7-5 397520] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-8 55096] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-8 297048] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-27 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-6 365568] R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-1 44808] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-8 976728] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-28 1692480] R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632] R3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys --> C:\windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?] 
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] 
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-08-12 10:13:45 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{355494F9-2E5E-4109-91E8-2A26B4C8EA20}\mpengine.dll 2012-08-12 09:44:49 -------- d-sh--w- C:\found.001 2012-08-11 23:03:07 -------- d-----w- C:\Users\Conor\AppData\Local\blekkotb 2012-08-11 18:51:53 -------- d-----w- C:\Users\Conor\AppData\Local\{04D2246A-5816-4A1F-8A0B-A21AC21814BF} 2012-08-11 18:51:40 -------- d-----w- C:\Users\Conor\AppData\Local\{0D62A33A-F082-4211-B383-A54E11C0A491} 2012-08-11 09:54:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-08-11 09:54:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-08-10 22:20:59 -------- d-----w- C:\Users\Conor\AppData\Local\{538A0B49-DDA4-4D6E-ABCF-C43B1EEA1FE3} 2012-08-10 22:20:15 -------- d-----w- C:\Users\Conor\AppData\Local\{B38A521B-5601-4AF6-990D-29798169518D} 2012-08-10 20:47:12 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-08-10 20:46:55 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-08-09 22:20:11 -------- d-----w- C:\Program Files\CCleaner 2012-08-09 21:19:53 -------- d-----w- C:\Users\Conor\AppData\Roaming\Auslogics 2012-08-09 21:19:27 -------- d-----w- C:\Program Files (x86)\Auslogics 2012-08-09 17:59:36 -------- d-----w- C:\Users\Conor\AppData\Local\{45BDF70A-CF60-4785-B98E-C8F267D5A0C7} 2012-08-09 17:59:23 -------- d-----w- C:\Users\Conor\AppData\Local\{1805E12F-01DE-4F4F-8019-C0846BBC107F} 2012-08-08 19:09:45 -------- d-----w- 
C:\Users\Conor\AppData\Local\{3966E704-090F-490C-85C8-864BC135F5F6} 2012-08-08 19:09:32 -------- d-----w- C:\Users\Conor\AppData\Local\{D21133A8-6EC2-4C35-87F9-D8B20824879D} 2012-08-06 17:08:48 -------- d-----w- C:\Users\Conor\AppData\Local\{B68F97F3-6AE2-469B-AE86-559BFB25FF63} 2012-08-06 17:08:34 -------- d-----w- C:\Users\Conor\AppData\Local\{450A9525-0FC0-4E39-9C13-EA2815215BB8} 2012-08-05 21:01:53 -------- d-----w- C:\Users\Conor\Tracing 2012-08-05 20:57:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-08-05 20:46:59 -------- d-----w- C:\Program Files (x86)\FileHippo.com 2012-08-01 21:57:59 388096 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-01 21:57:58 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-08-01 14:18:23 203576 ----a-w- C:\windows\SysWow64\richtx32.ocx 2012-08-01 14:18:22 124688 ----a-w- C:\windows\SysWow64\mswinsck.ocx 2012-08-01 14:06:06 -------- d-----w- C:\Program Files (x86)\1ClickDownload 2012-08-01 13:10:12 -------- d-----w- C:\Program Files (x86)\smartdl 2012-07-31 19:43:30 -------- d-----w- C:\ProgramData\boost_interprocess 2012-07-31 18:51:18 -------- d-----w- C:\ProgramData\TomTom 2012-07-30 20:46:19 -------- d-----w- C:\Users\Conor\AppData\Roaming\TomTom 2012-07-30 20:46:19 -------- d-----w- C:\Users\Conor\AppData\Local\TomTom 2012-07-30 20:45:24 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2 2012-07-30 20:43:28 -------- d-----w- C:\Program Files (x86)\TomTom International B.V 2012-07-15 15:29:06 3148800 ----a-w- C:\windows\System32\win32k.sys . ==================== Find3M ==================== . 
2012-08-05 20:56:03 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-08 06:19:18 101464 ----a-w- C:\windows\System32\drivers\RapportKE64.sys 2012-07-03 16:21:52 958400 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2012-07-03 16:21:52 71064 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2012-07-03 16:21:52 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2012-07-03 16:21:32 41224 ----a-w- C:\windows\avastSS.scr 2012-07-03 12:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-06-22 15:32:30 405144 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll 2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll 2012-06-02 14:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll 2012-06-02 14:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- 
C:\windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2012-05-31 11:25:12 279656 ----a-w- C:\windows\System32\MpSigStub.exe . ============= FINISH: 11:49:36.43 ===============
-
Hi, thanks for getting back to me. One problem that did happen was after doing the logs (Malwarebytes and aswMBR) I was unable to restart my PC normally (after about 5 mins a window popped up asking to 'end process'). Any idea why that is? Could it be an issue that happens when downloading one of the programs to help me? What I have done anyway was to complete the DDS log in Safe Mode with Networking and that has enabled me to reply to you now.

Logs are below:

MalwareBytes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.11.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Conor :: CONOR-PC [administrator]
11/08/2012 21:46:04
mbam-log-2012-08-11 (21-46-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195189
Time elapsed: 7 minute(s), 37 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 00:05:38
-----------------------------
00:05:38.470 OS Version: Windows x64 6.1.7601 Service Pack 1
00:05:38.470 Number of processors: 2 586 0x200
00:05:38.473 ComputerName: CONOR-PC UserName: Conor
00:05:40.573 Initialize success
00:05:41.481 AVAST engine defs: 12081101
00:05:52.998 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
00:05:53.006 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 11
00:05:53.029 Disk 0 MBR read successfully
00:05:53.034 Disk 0 MBR scan
00:05:53.049 Disk 0 Windows 7 default MBR code
00:05:53.070 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
00:05:53.087 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
00:05:53.107 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
00:05:53.165 Disk 0 scanning C:\windows\system32\drivers
00:06:08.096 Service scanning
00:06:35.213 Modules scanning
00:06:35.239 Disk 0 trace - called modules:
00:06:35.254
00:06:36.527 AVAST engine scan C:\windows
00:06:40.416 AVAST engine scan C:\windows\system32
00:10:55.815 AVAST engine scan C:\windows\system32\drivers
00:11:08.696 AVAST engine scan C:\Users\Conor
00:13:52.169 Disk 0 MBR has been saved successfully to "C:\Users\Conor\Desktop\MBR.dat"
00:17:00.682 The log file has been saved successfully to "C:\Users\Conor\Desktop\aswMBR.txt"

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Conor at 10:16:17 on 2012-08-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.3034 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials Prerelease *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials Prerelease *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=BBA1457895073553F18E0C2C uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f uRunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: 
[sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Conor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : DhcpNameServer = 10.14.72.10 10.11.73.10 143.52.2.91 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D27455543545 : DhcpNameServer = 10.14.72.10 10.11.73.10 143.52.2.91 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\35B4953383737373 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\4514C4B44514C4B4D2145423641403 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll BHO-X64: Updater For Spam Free Search Bar - No File BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll BHO-X64: Spam Free Search Bar - No File BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO-X64: Canon Easy-WebPrint EX BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [(Default)] mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm AppInit_DLLs-X64: SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . 
================= FIREFOX =================== . FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\3ookyrzc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Conor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?] R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672] R3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys --> C:\windows\system32\DRIVERS\amdiox64.sys [?] 
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?] S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?] S1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?] S1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?] S1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-10 397720] S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-29 55096] S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-29 297240] S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-27 89600] S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-6 365568] S2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?] S2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?] S2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-10 44808] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176] S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-29 976728] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-28 1692480] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?] 
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576] S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-6-12 357976] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072] S3 RapportKE64;RapportKE64;C:\windows\system32\Drivers\RapportKE64.sys --> C:\windows\system32\Drivers\RapportKE64.sys [?] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] 
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-08-11 23:03:07 -------- d-----w- C:\Users\Conor\AppData\Local\blekkotb 2012-08-11 18:51:53 -------- d-----w- C:\Users\Conor\AppData\Local\{04D2246A-5816-4A1F-8A0B-A21AC21814BF} 2012-08-11 18:51:40 -------- d-----w- C:\Users\Conor\AppData\Local\{0D62A33A-F082-4211-B383-A54E11C0A491} 2012-08-11 09:54:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-08-11 09:54:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-08-10 22:20:59 -------- d-----w- C:\Users\Conor\AppData\Local\{538A0B49-DDA4-4D6E-ABCF-C43B1EEA1FE3} 2012-08-10 22:20:15 -------- d-----w- C:\Users\Conor\AppData\Local\{B38A521B-5601-4AF6-990D-29798169518D} 2012-08-10 20:56:54 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0E24849-ED09-4315-AE37-7DF9486267DE}\mpengine.dll 2012-08-10 20:47:12 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-08-10 20:46:55 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-08-10 14:48:56 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-08-10 14:43:12 -------- d-----w- C:\Program Files (x86)\FileHippo.com 2012-08-10 14:14:40 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-08-10 14:04:43 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F19D966-A61B-47AD-9582-386A07050498}\mpengine.dll 2012-08-09 22:20:11 -------- d-----w- C:\Program Files\CCleaner 2012-08-09 21:19:53 -------- d-----w- C:\Users\Conor\AppData\Roaming\Auslogics 2012-08-09 21:19:27 -------- d-----w- C:\Program Files (x86)\Auslogics 2012-08-09 17:59:36 -------- d-----w- C:\Users\Conor\AppData\Local\{45BDF70A-CF60-4785-B98E-C8F267D5A0C7} 
2012-08-09 17:59:23 -------- d-----w- C:\Users\Conor\AppData\Local\{1805E12F-01DE-4F4F-8019-C0846BBC107F} 2012-08-08 19:09:45 -------- d-----w- C:\Users\Conor\AppData\Local\{3966E704-090F-490C-85C8-864BC135F5F6} 2012-08-08 19:09:32 -------- d-----w- C:\Users\Conor\AppData\Local\{D21133A8-6EC2-4C35-87F9-D8B20824879D} 2012-08-06 17:08:48 -------- d-----w- C:\Users\Conor\AppData\Local\{B68F97F3-6AE2-469B-AE86-559BFB25FF63} 2012-08-06 17:08:34 -------- d-----w- C:\Users\Conor\AppData\Local\{450A9525-0FC0-4E39-9C13-EA2815215BB8} 2012-08-05 21:01:53 -------- d-----w- C:\Users\Conor\Tracing 2012-08-01 14:06:06 -------- d-----w- C:\Program Files (x86)\1ClickDownload 2012-08-01 13:10:12 -------- d-----w- C:\Program Files (x86)\smartdl 2012-07-31 19:43:30 -------- d-----w- C:\ProgramData\boost_interprocess 2012-07-31 18:51:18 -------- d-----w- C:\ProgramData\TomTom 2012-07-30 20:46:19 -------- d-----w- C:\Users\Conor\AppData\Roaming\TomTom 2012-07-30 20:46:19 -------- d-----w- C:\Users\Conor\AppData\Local\TomTom 2012-07-30 20:45:24 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2 2012-07-30 20:43:28 -------- d-----w- C:\Program Files (x86)\TomTom International B.V 2012-07-15 15:29:06 3148800 ----a-w- C:\windows\System32\win32k.sys . ==================== Find3M ==================== . 
2012-07-29 19:52:38 101688 ----a-w- C:\windows\System32\drivers\RapportKE64.sys
2012-07-03 16:21:52 958400 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\windows\avastSS.scr
2012-06-22 15:32:30 405144 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-05 06:29:26 227688 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-06-05 06:29:26 117464 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 10:17:37.89 ===============
-
Hey guys

Yep, that's right, I'm infected again! It was only a week or so back I needed help with an infection, but nope, I'm not completely clear! This time it's partner37.mydomain.com, which I've heard is pretty nasty! And I'm sure it's the reason why my computer is extremely slow along with my internet.

Also can I ask whoever helps me could make sure my system is 101% clear as I don't want to be posting here in a week's time again!

Thanks a lot

DDS logs are attached. I have also done a HJT log too which is below:

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:27, on 10/08/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=BBA1457895073553F18E0C2C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
O2 - BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Conor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16213 bytes

Attach.txt
DDS.txt