Inactive very slow laptop

Discussion in 'Malware and Virus Removal Archive' started by PAUL SHILLAM, 2012/04/13.

  1. 2012/04/13
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    [Inactive] very slow laptop

    Here is the Malwarebytes log

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.13.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    shillam :: SUES-LAPTOP [administrator]

    Protection: Enabled

    13/04/2012 09:19:07
    mbam-log-2012-04-13 (09-19-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 244989
    Time elapsed: 43 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 39

    Registry Values Detected: 3
    HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm824YYGB -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. 2012/04/13
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    very slow laptop

    Here are a couple more of the logs you have requested, but I can't get DDS to run. I download it to my desktop, but when I double-click on the DDS icon I get a text box open with a message saying this program can not run in DOS mode and then a load of gobbledygook.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-13 10:36:06
    -----------------------------
    10:36:06.947 OS Version: Windows 6.0.6002 Service Pack 2
    10:36:06.947 Number of processors: 2 586 0xF0D
    10:36:06.955 ComputerName: SUES-LAPTOP UserName: shillam
    10:36:11.959 Initialize success
    10:36:28.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    10:36:28.767 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
    10:36:28.787 Disk 0 MBR read successfully
    10:36:28.797 Disk 0 MBR scan
    10:36:28.807 Disk 0 Windows VISTA default MBR code
    10:36:28.817 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 117 MB offset 63
    10:36:28.827 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 241664
    10:36:28.847 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139708 MB offset 21213184
    10:36:28.857 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
    10:36:28.907 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
    10:36:28.917 Disk 0 scanning sectors +312578048
    10:36:28.997 Disk 0 scanning C:\Windows\system32\drivers
    10:36:41.666 Service scanning
    10:37:09.613 Modules scanning
    10:37:30.919 Disk 0 trace - called modules:
    10:37:30.988 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    10:37:31.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b30e940]
    10:37:31.016 3 CLASSPNP.SYS[8d7aa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a40a030]
    10:37:31.029 Scan finished successfully
    10:38:52.272 Disk 0 MBR has been saved successfully to "C:\logs\MBR.dat "
    10:38:52.288 The log file has been saved successfully to "C:\logs\aswMBR.txt "

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-04-13 10:31:13
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HH10
    Running: 82ue3ghj.exe; Driver: C:\Users\shillam\AppData\Local\Temp\pwliypoc.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8D44B498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8D44B4AE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8D44B484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     

  4. 2012/04/13
    Arie

    Arie Administrator Administrator Staff

    You should have posted that as a reply to your original thread, not a new thread. I'll merge the two.
     
  5. 2012/04/13
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. 2012/04/14
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    TDSSKiller Log

    Here is the TDSSKiller Log. By the way, Microsoft Word took four minutes to open this morning. The processor meter was showing lots of activity but Task Manager would not open until Word had opened and then it showed only Word running.

    09:29:04.0784 7676 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    09:29:06.0790 7676 ============================================================
    09:29:06.0791 7676 Current date / time: 2012/04/14 09:29:06.0790
    09:29:06.0791 7676 SystemInfo:
    09:29:06.0791 7676
    09:29:06.0791 7676 OS Version: 6.0.6002 ServicePack: 2.0
    09:29:06.0791 7676 Product type: Workstation
    09:29:06.0791 7676 ComputerName: SUES-LAPTOP
    09:29:06.0792 7676 UserName: shillam
    09:29:06.0792 7676 Windows directory: C:\Windows
    09:29:06.0792 7676 System windows directory: C:\Windows
    09:29:06.0792 7676 Processor architecture: Intel x86
    09:29:06.0792 7676 Number of processors: 2
    09:29:06.0792 7676 Page size: 0x1000
    09:29:06.0792 7676 Boot type: Normal boot
    09:29:06.0792 7676 ============================================================
    09:29:09.0503 7676 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    09:29:09.0509 7676 \Device\Harddisk0\DR0:
    09:29:09.0509 7676 MBR used
    09:29:09.0510 7676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3B000, BlocksNum 0x1400000
    09:29:09.0510 7676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x143B000, BlocksNum 0x110DE000
    09:29:09.0649 7676 Initialize success
    09:29:09.0649 7676 ============================================================
    09:29:26.0171 6596 ============================================================
    09:29:26.0171 6596 Scan started
    09:29:26.0171 6596 Mode: Manual;
    09:29:26.0171 6596 ============================================================
    09:29:43.0996 6596 idsvc - ok
    09:29:44.0111 6596 igfx (f7ecd4b9e7fad4a01a0ed889d40e2494) C:\Windows\system32\DRIVERS\igdkmd32.sys
    09:29:44.0230 6596 igfx - ok
    09:29:44.0284 6596 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    09:29:44.0297 6596 iirsp - ok
    09:29:44.0355 6596 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    09:29:44.0376 6596 IKEEXT - ok
    09:29:44.0450 6596 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
    09:29:44.0660 6596 intelide - ok
    09:29:44.0731 6596 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    09:29:44.0743 6596 intelppm - ok
    09:29:44.0786 6596 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    09:29:44.0801 6596 IPBusEnum - ok
    09:29:44.0847 6596 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    09:29:44.0858 6596 IpFilterDriver - ok
    09:29:44.0919 6596 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
    09:29:44.0936 6596 iphlpsvc - ok
    09:29:44.0953 6596 IpInIp - ok
    09:29:44.0996 6596 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    09:29:45.0013 6596 IPMIDRV - ok
    09:29:45.0078 6596 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    09:29:45.0088 6596 IPNAT - ok
    09:29:45.0220 6596 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
    09:29:45.0389 6596 iPod Service - ok
    09:29:45.0428 6596 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    09:29:45.0441 6596 IRENUM - ok
    09:29:45.0487 6596 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
    09:29:45.0625 6596 isapnp - ok
    09:29:45.0701 6596 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    09:29:45.0731 6596 iScsiPrt - ok
    09:29:45.0789 6596 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    09:29:45.0801 6596 iteatapi - ok
    09:29:45.0834 6596 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    09:29:45.0846 6596 iteraid - ok
    09:29:45.0904 6596 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    09:29:45.0913 6596 kbdclass - ok
    09:29:45.0952 6596 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    09:29:45.0964 6596 kbdhid - ok
    09:29:46.0008 6596 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    09:29:46.0012 6596 KeyIso - ok
    09:29:46.0073 6596 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    09:29:46.0256 6596 KSecDD - ok
    09:29:46.0337 6596 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    09:29:46.0365 6596 KtmRm - ok
    09:29:46.0456 6596 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
    09:29:46.0463 6596 LanmanServer - ok
    09:29:46.0544 6596 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    09:29:46.0565 6596 LanmanWorkstation - ok
    09:29:46.0688 6596 LBTServ (80caf1fdebe4e2cdea021bc55cc4c1de) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    09:29:46.0850 6596 LBTServ - ok
    09:29:46.0975 6596 LHidFilt (75415a95c589a07d6c97baa2d4143916) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    09:29:47.0130 6596 LHidFilt - ok
    09:29:47.0243 6596 LiveUpdate - ok
    09:29:47.0322 6596 LiveUpdate Notice Ex - ok
    09:29:47.0446 6596 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    09:29:47.0455 6596 LiveUpdate Notice Service - ok
    09:29:47.0498 6596 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    09:29:47.0510 6596 lltdio - ok
    09:29:47.0572 6596 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    09:29:47.0587 6596 lltdsvc - ok
    09:29:47.0655 6596 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    09:29:47.0671 6596 lmhosts - ok
    09:29:47.0733 6596 LMouFilt (fcb3f81ac07b8608f921134237823b88) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    09:29:47.0842 6596 LMouFilt - ok
    09:29:47.0920 6596 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    09:29:47.0951 6596 LSI_FC - ok
    09:29:48.0007 6596 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    09:29:48.0027 6596 LSI_SAS - ok
    09:29:48.0077 6596 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    09:29:48.0087 6596 LSI_SCSI - ok
    09:29:48.0127 6596 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    09:29:48.0137 6596 luafv - ok
    09:29:48.0267 6596 lxdjCATSCustConnectService (3de4aa76fbf0674a19af81ddb53ad2a4) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
    09:29:48.0437 6596 lxdjCATSCustConnectService - ok
    09:29:48.0457 6596 lxdj_device - ok
    09:29:48.0517 6596 massfilter - ok
    09:29:48.0617 6596 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
    09:29:48.0857 6596 MBAMProtector - ok
    09:29:49.0027 6596 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    09:29:49.0037 6596 MBAMService - ok
    09:29:49.0187 6596 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    09:29:49.0307 6596 McAfee SiteAdvisor Service - ok
    09:29:49.0457 6596 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    09:29:49.0587 6596 McComponentHostService - ok
    09:29:49.0747 6596 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    09:29:49.0757 6596 McMPFSvc - ok
    09:29:49.0807 6596 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    09:29:49.0817 6596 mcmscsvc - ok
    09:29:49.0827 6596 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    09:29:49.0837 6596 McNaiAnn - ok
    09:29:49.0877 6596 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    09:29:49.0877 6596 McNASvc - ok
    09:29:49.0967 6596 McODS (e8c5aae17e8332f5f4f57935238cd5eb) C:\Program Files\McAfee\VirusScan\mcods.exe
    09:29:50.0127 6596 McODS - ok
    09:29:50.0187 6596 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    09:29:50.0197 6596 McProxy - ok
    09:29:50.0297 6596 McShield (16767b4cb7ae8f388e091717db34ff6c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    09:29:50.0307 6596 McShield - ok
    09:29:50.0437 6596 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    09:29:50.0447 6596 Mcx2Svc - ok
    09:29:50.0557 6596 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    09:29:50.0567 6596 megasas - ok
    09:29:50.0657 6596 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
    09:29:50.0657 6596 mfeapfk - ok
    09:29:50.0757 6596 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
    09:29:50.0907 6596 mfeavfk - ok
    09:29:50.0987 6596 mfeavfk01 - ok
    09:29:51.0037 6596 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
    09:29:51.0037 6596 mfebopk - ok
    09:29:51.0177 6596 mfefire (3f17534b8867854113df2b45fff3acf5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    09:29:51.0297 6596 mfefire - ok
    09:29:51.0407 6596 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
    09:29:51.0537 6596 mfefirek - ok
    09:29:51.0657 6596 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
    09:29:51.0945 6596 mfehidk - ok
    09:29:52.0008 6596 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
    09:29:52.0125 6596 mfenlfk - ok
    09:29:52.0212 6596 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
    09:29:52.0330 6596 mferkdet - ok
    09:29:52.0422 6596 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
    09:29:52.0545 6596 mferkdk - ok
    09:29:52.0656 6596 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
    09:29:52.0773 6596 mfesmfk - ok
    09:29:52.0882 6596 mfevtp (ad52269897626d614b31e153f5c5d65c) C:\Windows\system32\mfevtps.exe
    09:29:52.0999 6596 mfevtp - ok
    09:29:53.0090 6596 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
    09:29:53.0215 6596 mfewfpk - ok
    09:29:53.0266 6596 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    09:29:53.0279 6596 MMCSS - ok
    09:29:53.0320 6596 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    09:29:53.0332 6596 Modem - ok
    09:29:53.0426 6596 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    09:29:53.0434 6596 monitor - ok
    09:29:53.0478 6596 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    09:29:53.0485 6596 mouclass - ok
    09:29:53.0528 6596 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    09:29:53.0540 6596 mouhid - ok
    09:29:53.0588 6596 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    09:29:53.0595 6596 MountMgr - ok
    09:29:53.0649 6596 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    09:29:53.0658 6596 mpio - ok
    09:29:53.0705 6596 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    09:29:53.0719 6596 mpsdrv - ok
    09:29:53.0786 6596 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
    09:29:53.0795 6596 MpsSvc - ok
    09:29:53.0886 6596 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    09:29:53.0898 6596 Mraid35x - ok
    09:29:53.0955 6596 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    09:29:53.0966 6596 MRxDAV - ok
    09:29:54.0017 6596 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    09:29:54.0254 6596 mrxsmb - ok
    09:29:54.0309 6596 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    09:29:54.0558 6596 mrxsmb10 - ok
    09:29:54.0605 6596 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    09:29:54.0811 6596 mrxsmb20 - ok
    09:29:54.0841 6596 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
    09:29:55.0087 6596 msahci - ok
    09:29:55.0146 6596 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    09:29:55.0161 6596 msdsm - ok
    09:29:55.0236 6596 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    09:29:55.0254 6596 MSDTC - ok
    09:29:55.0337 6596 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    09:29:55.0349 6596 Msfs - ok
    09:29:55.0435 6596 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    09:29:55.0442 6596 msisadrv - ok
    09:29:55.0491 6596 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    09:29:55.0508 6596 MSiSCSI - ok
    09:29:55.0525 6596 msiserver - ok
    09:29:55.0639 6596 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    09:29:55.0651 6596 MSKSSRV - ok
    09:29:55.0717 6596 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    09:29:55.0722 6596 MSPCLOCK - ok
    09:29:55.0774 6596 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    09:29:55.0785 6596 MSPQM - ok
    09:29:55.0832 6596 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    09:29:55.0846 6596 MsRPC - ok
    09:29:55.0884 6596 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    09:29:55.0892 6596 mssmbios - ok
    09:29:55.0949 6596 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    09:29:55.0959 6596 MSTEE - ok
    09:29:55.0979 6596 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    09:29:55.0993 6596 Mup - ok
    09:29:56.0068 6596 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
    09:29:56.0076 6596 napagent - ok
    09:29:56.0109 6596 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    09:29:56.0123 6596 NativeWifiP - ok
    09:29:56.0183 6596 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    09:29:56.0207 6596 NDIS - ok
    09:29:56.0260 6596 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    09:29:56.0266 6596 NdisTapi - ok
    09:29:56.0310 6596 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    09:29:56.0323 6596 Ndisuio - ok
    09:29:56.0350 6596 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    09:29:56.0364 6596 NdisWan - ok
    09:29:56.0413 6596 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    09:29:56.0422 6596 NDProxy - ok
    09:29:56.0464 6596 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    09:29:56.0476 6596 NetBIOS - ok
    09:29:56.0536 6596 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    09:29:56.0548 6596 netbt - ok
    09:29:56.0583 6596 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    09:29:56.0587 6596 Netlogon - ok
    09:29:56.0640 6596 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    09:29:56.0662 6596 Netman - ok
    09:29:56.0713 6596 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    09:29:56.0720 6596 netprofm - ok
    09:29:56.0800 6596 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    09:29:56.0809 6596 NetTcpPortSharing - ok
    09:29:56.0956 6596 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
    09:29:57.0144 6596 NETw4v32 - ok
    09:29:57.0211 6596 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    09:29:57.0224 6596 nfrd960 - ok
    09:29:57.0278 6596 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    09:29:57.0285 6596 NlaSvc - ok
    09:29:57.0374 6596 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
    09:29:57.0485 6596 nmwcd - ok
    09:29:57.0560 6596 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
    09:29:57.0666 6596 nmwcdc - ok
    09:29:57.0725 6596 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys
    09:29:57.0977 6596 nmwcdnsu - ok
    09:29:58.0013 6596 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\Windows\system32\drivers\nmwcdnsuc.sys
    09:29:58.0214 6596 nmwcdnsuc - ok
    09:29:58.0264 6596 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    09:29:58.0270 6596 Npfs - ok
    09:29:58.0333 6596 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    09:29:58.0348 6596 nsi - ok
    09:29:58.0395 6596 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    09:29:58.0401 6596 nsiproxy - ok
    09:29:58.0470 6596 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    09:29:58.0515 6596 Ntfs - ok
    09:29:58.0561 6596 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    09:29:58.0573 6596 ntrigdigi - ok
    09:29:58.0622 6596 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    09:29:58.0634 6596 Null - ok
    09:29:58.0687 6596 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    09:29:58.0699 6596 nvraid - ok
    09:29:58.0756 6596 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    09:29:58.0770 6596 nvstor - ok
    09:29:58.0833 6596 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
    09:29:58.0947 6596 nv_agp - ok
    09:29:58.0976 6596 NwlnkFlt - ok
    09:29:59.0012 6596 NwlnkFwd - ok
    09:29:59.0112 6596 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    09:29:59.0278 6596 odserv - ok
    09:29:59.0363 6596 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
    09:29:59.0474 6596 OEM02Dev - ok
    09:29:59.0526 6596 OEM02Vfx (
     
  7. 2012/04/14
    PAUL SHILLAM Lifetime Subscription

    09:30:13.0112 6596 stisvc - ok
    09:30:13.0213 6596 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    09:30:13.0332 6596 stllssvr - ok
    09:30:13.0388 6596 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    09:30:13.0396 6596 swenum - ok
    09:30:13.0582 6596 SwiCardDetectSvc (9507e7c896fabfb2e89c6e49400f6c4e) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    09:30:13.0705 6596 SwiCardDetectSvc - ok
    09:30:13.0758 6596 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
    09:30:13.0769 6596 swprv - ok
    09:30:13.0844 6596 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    09:30:13.0854 6596 Symc8xx - ok
    09:30:13.0913 6596 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    09:30:13.0922 6596 Sym_hi - ok
    09:30:13.0990 6596 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    09:30:14.0000 6596 Sym_u3 - ok
    09:30:14.0067 6596 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
    09:30:14.0193 6596 SynTP - ok
    09:30:14.0255 6596 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
    09:30:14.0285 6596 SysMain - ok
    09:30:14.0333 6596 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
    09:30:14.0351 6596 TabletInputService - ok
    09:30:14.0397 6596 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
    09:30:14.0418 6596 TapiSrv - ok
    09:30:14.0460 6596 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
    09:30:14.0473 6596 TBS - ok
    09:30:14.0556 6596 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    09:30:14.0736 6596 Tcpip - ok
    09:30:14.0792 6596 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    09:30:14.0805 6596 Tcpip6 - ok
    09:30:14.0859 6596 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    09:30:14.0871 6596 tcpipreg - ok
    09:30:14.0926 6596 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    09:30:14.0936 6596 TDPIPE - ok
    09:30:15.0011 6596 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    09:30:15.0023 6596 TDTCP - ok
    09:30:15.0089 6596 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    09:30:15.0102 6596 tdx - ok
    09:30:15.0144 6596 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    09:30:15.0158 6596 TermDD - ok
    09:30:15.0210 6596 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
    09:30:15.0239 6596 TermService - ok
    09:30:15.0292 6596 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
    09:30:15.0301 6596 Themes - ok
    09:30:15.0343 6596 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    09:30:15.0347 6596 THREADORDER - ok
    09:30:15.0409 6596 tosrfbd (eaeddb6c8bbe3e1b753753c2e847fecb) C:\Windows\system32\DRIVERS\tosrfbd.sys
    09:30:15.0679 6596 tosrfbd - ok
    09:30:15.0736 6596 tosrfusb (18dfe8b766af237119537a12e8401ebf) C:\Windows\system32\DRIVERS\tosrfusb.sys
    09:30:15.0976 6596 tosrfusb - ok
    09:30:16.0040 6596 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
    09:30:16.0059 6596 TrkWks - ok
    09:30:16.0112 6596 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
    09:30:16.0120 6596 TrustedInstaller - ok
    09:30:16.0182 6596 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:30:16.0194 6596 tssecsrv - ok
    09:30:16.0275 6596 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    09:30:16.0284 6596 tunmp - ok
    09:30:16.0330 6596 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    09:30:16.0344 6596 tunnel - ok
    09:30:16.0399 6596 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    09:30:16.0411 6596 uagp35 - ok
    09:30:16.0455 6596 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    09:30:16.0475 6596 udfs - ok
    09:30:16.0527 6596 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
    09:30:16.0542 6596 UI0Detect - ok
    09:30:16.0584 6596 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
    09:30:16.0697 6596 uliagpkx - ok
    09:30:16.0770 6596 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    09:30:16.0786 6596 uliahci - ok
    09:30:16.0841 6596 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    09:30:16.0856 6596 UlSata - ok
    09:30:16.0916 6596 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    09:30:16.0928 6596 ulsata2 - ok
    09:30:16.0980 6596 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    09:30:16.0991 6596 umbus - ok
    09:30:17.0050 6596 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
    09:30:17.0067 6596 upnphost - ok
    09:30:17.0109 6596 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
    09:30:17.0251 6596 upperdev - ok
    09:30:17.0391 6596 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    09:30:17.0671 6596 USBAAPL - ok
    09:30:17.0742 6596 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    09:30:17.0756 6596 usbccgp - ok
    09:30:17.0803 6596 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    09:30:17.0814 6596 usbcir - ok
    09:30:17.0896 6596 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    09:30:17.0905 6596 usbehci - ok
    09:30:17.0957 6596 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    09:30:17.0974 6596 usbhub - ok
    09:30:18.0035 6596 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    09:30:18.0043 6596 usbohci - ok
    09:30:18.0115 6596 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    09:30:18.0134 6596 usbprint - ok
    09:30:18.0248 6596 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    09:30:18.0258 6596 usbscan - ok
    09:30:18.0317 6596 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
    09:30:18.0325 6596 usbser - ok
    09:30:18.0378 6596 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
    09:30:18.0484 6596 UsbserFilt - ok
    09:30:18.0557 6596 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    09:30:18.0568 6596 USBSTOR - ok
    09:30:18.0621 6596 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    09:30:18.0633 6596 usbuhci - ok
    09:30:18.0686 6596 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
    09:30:18.0697 6596 UxSms - ok
    09:30:18.0753 6596 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
    09:30:18.0781 6596 vds - ok
    09:30:18.0839 6596 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    09:30:18.0851 6596 vga - ok
    09:30:18.0913 6596 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    09:30:18.0927 6596 VgaSave - ok
    09:30:18.0982 6596 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
    09:30:19.0117 6596 viaagp - ok
    09:30:19.0184 6596 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    09:30:19.0195 6596 ViaC7 - ok
    09:30:19.0263 6596 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
    09:30:19.0511 6596 viaide - ok
    09:30:19.0750 6596 VmbService (8c267b305216e38376d7fc32203c7ea0) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    09:30:19.0879 6596 VmbService - ok
    09:30:19.0995 6596 vodafone_K3805-z_dc_enum (381ba57c1ee2ab1bafcb4a6035cc305f) C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
    09:30:20.0164 6596 vodafone_K3805-z_dc_enum - ok
    09:30:20.0233 6596 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    09:30:20.0245 6596 volmgr - ok
    09:30:20.0301 6596 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    09:30:20.0316 6596 volmgrx - ok
    09:30:20.0381 6596 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    09:30:20.0395 6596 volsnap - ok
    09:30:20.0515 6596 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    09:30:20.0527 6596 vsmraid - ok
    09:30:20.0620 6596 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
    09:30:20.0657 6596 VSS - ok
    09:30:20.0725 6596 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
    09:30:20.0742 6596 W32Time - ok
    09:30:20.0796 6596 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    09:30:20.0802 6596 WacomPen - ok
    09:30:20.0857 6596 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    09:30:20.0872 6596 Wanarp - ok
    09:30:20.0885 6596 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    09:30:20.0888 6596 Wanarpv6 - ok
    09:30:20.0938 6596 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
    09:30:20.0961 6596 wcncsvc - ok
    09:30:20.0997 6596 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    09:30:21.0014 6596 WcsPlugInService - ok
    09:30:21.0077 6596 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    09:30:21.0088 6596 Wd - ok
    09:30:21.0156 6596 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    09:30:21.0195 6596 Wdf01000 - ok
    09:30:21.0249 6596 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    09:30:21.0264 6596 WdiServiceHost - ok
    09:30:21.0273 6596 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    09:30:21.0281 6596 WdiSystemHost - ok
    09:30:21.0340 6596 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
    09:30:21.0359 6596 WebClient - ok
    09:30:21.0419 6596 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    09:30:21.0513 6596 Wecsvc - ok
    09:30:21.0560 6596 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    09:30:21.0575 6596 wercplsupport - ok
    09:30:21.0653 6596 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
    09:30:21.0653 6596 WerSvc - ok
    09:30:21.0720 6596 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
    09:30:21.0750 6596 WimFltr - ok
    09:30:21.0830 6596 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    09:30:21.0850 6596 WinDefend - ok
    09:30:21.0870 6596 WinHttpAutoProxySvc - ok
    09:30:21.0950 6596 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
    09:30:21.0960 6596 Winmgmt - ok
    09:30:22.0040 6596 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    09:30:22.0220 6596 WinRM - ok
    09:30:22.0310 6596 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
    09:30:22.0340 6596 Wlansvc - ok
    09:30:22.0510 6596 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    09:30:22.0660 6596 wlcrasvc - ok
    09:30:22.0800 6596 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    09:30:22.0960 6596 wlidsvc - ok
    09:30:23.0130 6596 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    09:30:23.0140 6596 WmiAcpi - ok
    09:30:23.0220 6596 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
    09:30:23.0240 6596 wmiApSrv - ok
    09:30:23.0330 6596 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    09:30:23.0360 6596 WMPNetworkSvc - ok
    09:30:23.0410 6596 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
    09:30:23.0420 6596 WPCSvc - ok
    09:30:23.0470 6596 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
    09:30:23.0490 6596 WPDBusEnum - ok
    09:30:23.0580 6596 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    09:30:23.0590 6596 WpdUsb - ok
    09:30:23.0760 6596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    09:30:23.0960 6596 WPFFontCache_v0400 - ok
    09:30:24.0030 6596 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    09:30:24.0060 6596 ws2ifsl - ok
    09:30:24.0130 6596 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
    09:30:24.0140 6596 wscsvc - ok
    09:30:24.0160 6596 WSearch - ok
    09:30:24.0290 6596 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
    09:30:24.0350 6596 wuauserv - ok
    09:30:24.0400 6596 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    09:30:24.0430 6596 WudfPf - ok
    09:30:24.0500 6596 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    09:30:24.0510 6596 WUDFRd - ok
    09:30:24.0570 6596 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
    09:30:24.0700 6596 wudfsvc - ok
    09:30:24.0780 6596 ZTEusbmdm6k - ok
    09:30:24.0830 6596 ZTEusbnmea - ok
    09:30:24.0890 6596 ZTEusbser6k - ok
    09:30:24.0950 6596 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    09:30:25.0010 6596 \Device\Harddisk0\DR0 - ok
    09:30:25.0030 6596 Boot (0x1200) (4f0c6145ce1e9be120511c49be6a8d14) \Device\Harddisk0\DR0\Partition0
    09:30:25.0070 6596 \Device\Harddisk0\DR0\Partition0 - ok
    09:30:25.0080 6596 Boot (0x1200) (16e9a19b2c9a8087802b4c9d4c5376b7) \Device\Harddisk0\DR0\Partition1
    09:30:25.0080 6596 \Device\Harddisk0\DR0\Partition1 - ok
    09:30:25.0080 6596 ============================================================
    09:30:25.0080 6596 Scan finished
    09:30:25.0080 6596 ============================================================
    09:30:25.0100 6348 Detected object count: 0
    09:30:25.0100 6348 Actual detected object count: 0

    said my post was too long so I have had to split the log into two.
     
  8. 2012/04/14
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2012/04/15
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    ComboFix 12-04-15.01 - shillam 15/04/2012 9:10.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.859 [GMT 1:00]
    Running from: c:\users\shillam\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Fast Browser Search
    c:\program files\Fast Browser Search\IE\basis.xml
    c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
    c:\program files\Search Guard Plus
    c:\program files\Search Guard Plus\fbsProtectionI.xml
    c:\program files\Search Guard Plus\fbsSearchProvider.xml
    c:\program files\Search Guard PlusU
    c:\program files\Search Guard PlusU\SGPUpdater.xml
    c:\program files\SGPSA
    c:\programdata\SPL3890.tmp
    c:\programdata\SPL4989.tmp
    c:\programdata\SPL5996.tmp
    c:\programdata\SPL7177.tmp
    c:\programdata\SPL7EC.tmp
    c:\programdata\SPL9942.tmp
    c:\programdata\SPLBBBA.tmp
    c:\programdata\SPLE8D9.tmp
    c:\users\shillam\AppData\Roaming\.#
    c:\users\shillam\Favorites\ehthumbs_vista.db
    c:\users\shillam\GoToAssistDownloadHelper.exe
    D:\AUTORUN.INF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-15 08:36 . 2012-04-15 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-13 17:29 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{922E8FA2-DA2E-4CA4-A4D9-5F8A4F514238}\mpengine.dll
    2012-04-13 09:32 . 2012-04-13 09:32 -------- d-----w- C:\New Folder
    2012-04-13 08:17 . 2012-04-13 08:17 -------- d-----w- c:\users\shillam\AppData\Roaming\Malwarebytes
    2012-04-13 08:16 . 2012-04-13 08:16 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-13 08:16 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-13 08:16 . 2012-04-13 08:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-12 10:07 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 10:07 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 10:07 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 10:07 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 10:05 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-12 10:05 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-12 08:23 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-04-12 07:17 . 2012-04-12 07:18 -------- d-----w- C:\ce1298e75c0f1e5f6f2e28393d53d7
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-03-08 08:28 . 2011-11-27 08:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-23 09:18 . 2009-10-03 11:20 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-18 14:22 . 2012-02-18 14:22 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-02-14 15:45 . 2012-03-14 08:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-02-14 15:45 . 2012-03-14 08:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-02-13 14:12 . 2012-03-14 08:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-02-13 13:47 . 2012-03-14 08:46 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-02-13 13:44 . 2012-03-14 08:46 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-02 15:16 . 2012-03-14 08:46 2044416 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-24 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-24 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-24 133912]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
    "MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-03-29 408576]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-22 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^shillam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\shillam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 23:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
    2007-07-27 16:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 12:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2011-05-15 08:39 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2011-11-16 11:38 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2007-09-21 03:10 55824 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjamon]
    2007-03-05 20:40 20480 ----a-w- c:\program files\Lexmark 1400 Series\lxdjamon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2007-08-29 05:54 36864 ----a-w- c:\windows\OEM02Mon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-04-16 16:10 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
    2010-07-13 00:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-09-07 18:23 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-05-26 18:41 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-11-22 12:08 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-11-22 12:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-14 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-22 12:30]
    .
    2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 13:56]
    .
    2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 13:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2071122
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    ------- File Associations -------
    .
    .scr=DWGTrueViewScriptFile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    MSConfigStartUp-lxdjmon - c:\program files\Lexmark 1400 Series\lxdjmon.exe
    MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe
    AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-15 09:44
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,ff,75,fb,06,7b,6b,40,81,4f,d3,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,ff,75,fb,06,7b,6b,40,81,4f,d3,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2012-04-15 09:50:44
    ComboFix-quarantined-files.txt 2012-04-15 08:50
    .
    Pre-Run: 89,231,364,096 bytes free
    Post-Run: 91,778,199,552 bytes free
    .
    - - End Of File - - EF3C538ABF1AC11DAC7D17D624FAD8E3
     
  10. 2012/04/15
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    After running COMBOFIX and posting the log I clicked on start to shut the PC down and it just hung, had to power off. Later went to open Windows Mail and it took five minutes to open, the CPU and the clock were both going whilst I waited.

    Regards Paul
     
  11. 2012/04/15
    broni

    broni Moderator Malware Analyst

    Combofix log looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2012/04/16
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    OTL logfile created on: 16/04/2012 08:53:28 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\shillam\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.29% Memory free
    4.21 Gb Paging File | 2.56 Gb Available in Paging File | 60.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.43 Gb Total Space | 85.10 Gb Free Space | 62.38% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.43 Gb Free Space | 34.32% Space Free | Partition Type: NTFS

    Computer Name: SUES-LAPTOP | User Name: shillam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/16 08:46:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\shillam\Desktop\OTL.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2012/03/08 09:28:50 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe
    PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/06/24 13:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
    PRC - [2011/03/29 08:48:10 | 000,408,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    PRC - [2011/03/29 08:47:46 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    PRC - [2007/09/07 19:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/08/29 22:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/04/27 08:26:30 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdjcoms.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/13 09:47:20 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86f6e2383ca898849c321080b32b66f8\System.ServiceProcess.ni.dll
    MOD - [2012/04/12 11:08:10 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
    MOD - [2012/04/12 11:07:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
    MOD - [2012/04/12 11:07:41 | 010,683,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\8aecbf36fdca99c85361b43e565f2604\System.Design.ni.dll
    MOD - [2012/04/12 11:07:06 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll
    MOD - [2012/04/12 11:05:45 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll
    MOD - [2012/02/18 12:04:46 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
    MOD - [2012/02/18 11:59:24 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1a5853155c4e5ab3f91cd37da331e89b\System.Web.Services.ni.dll
    MOD - [2012/02/18 11:48:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/18 11:48:40 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll
    MOD - [2012/02/18 11:47:24 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\96b4cdba0397f94416df0fa211f73441\System.Security.ni.dll
    MOD - [2012/02/18 11:47:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
    MOD - [2012/02/17 13:41:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f4c98b14c32dde050bcf79b7e6c5e8e3\System.Xml.ni.dll
    MOD - [2012/02/17 13:37:31 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
    MOD - [2012/02/17 13:37:00 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
    MOD - [2012/02/17 13:36:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
    MOD - [2012/02/17 13:34:53 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
    MOD - [2012/02/17 13:34:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
    MOD - [2011/10/14 09:51:34 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
    MOD - [2011/10/14 09:24:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2009/04/11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2007/05/24 13:41:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/10/18 15:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2011/10/18 15:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/10/18 15:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/06/24 13:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
    SRV - [2011/03/29 08:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/15 11:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/09/07 19:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/08/29 22:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/04/27 08:26:30 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdjcoms.exe -- (lxdj_device)
    SRV - [2007/04/27 08:26:09 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)
    SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\shillam\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/03/11 13:50:34 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
    DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2012/03/11 13:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011/11/01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2011/10/15 14:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/10/15 14:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/10/15 14:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/10/15 14:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/10/15 14:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/10/15 14:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/10/15 14:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/10/15 14:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/10/15 14:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/08/07 13:34:48 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
    DRV - [2011/03/24 08:53:02 | 000,085,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2011/03/24 08:53:02 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2011/03/24 08:53:02 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV - [2011/03/24 08:53:02 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV - [2011/03/24 08:53:02 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV - [2011/03/24 08:53:00 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/09/01 15:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
    DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/02 04:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2008/11/07 06:15:00 | 000,041,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/09/21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2007/09/21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/09/07 19:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/08/29 06:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2007/02/28 12:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/28 12:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/02/28 12:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/01 19:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\shillam\Desktop
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2071122
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=HjM5IuhmCax6o_40SD8gaQJ0agw?q={searchTerms}
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{8EE20609-FAF4-420A-8D57-37A0A3DDB8D8}: "URL" = http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80275&lng=en
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    I have had to post this log in two parts as it said it was too long.



    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/24 09:24:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/04/16 08:20:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/18 11:47:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/18 11:47:58 | 000,000,000 | ---D | M]
     
  13. 2012/04/16
    PAUL SHILLAM Lifetime Subscription


    ========== Chrome ==========

    CHR - default_search_provider: Google ()
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK_en-GB
    CHR - default_search_provider: suggest_url =
    CHR - Extension: SiteAdvisor = C:\Users\shillam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\

    O1 HOSTS File: ([2012/04/15 09:44:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111227093410.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
    O3 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE2B734-CE77-4B1F-83F0-1662C4429131}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE608C5-7E8C-453E-BCC0-0C7111AF8BE4}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\shillam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\shillam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.tssoft32 - C:\Windows\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.wmv3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/16 09:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/04/16 08:46:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\shillam\Desktop\OTL.exe
    [2012/04/15 09:51:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/15 09:36:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/15 09:04:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/15 09:04:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/15 09:04:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/15 09:04:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/15 09:04:06 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/15 09:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/13 10:32:34 | 000,000,000 | ---D | C] -- C:\New Folder
    [2012/04/13 09:17:20 | 000,000,000 | ---D | C] -- C:\Users\shillam\AppData\Roaming\Malwarebytes
    [2012/04/13 09:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/13 09:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/13 09:16:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/04/13 09:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/04/12 08:17:24 | 000,000,000 | ---D | C] -- C:\ce1298e75c0f1e5f6f2e28393d53d7

    ========== Files - Modified Within 30 Days ==========

    [2012/04/16 08:46:54 | 000,000,680 | ---- | M] () -- C:\Users\shillam\AppData\Local\d3d9caps.dat
    [2012/04/16 08:46:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\shillam\Desktop\OTL.exe
    [2012/04/16 08:35:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/16 08:35:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/16 08:15:52 | 000,048,720 | ---- | M] () -- C:\ProgramData\lxdj
    [2012/04/16 08:01:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/16 08:01:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/16 08:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/15 13:42:08 | 000,003,131 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/04/15 09:44:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/14 10:57:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/04/13 18:55:54 | 000,280,729 | ---- | M] () -- C:\Users\shillam\Desktop\File0147.pdf
    [2012/04/13 09:17:02 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/13 09:12:40 | 017,611,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/13 09:12:37 | 008,980,666 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/27 10:55:39 | 000,153,051 | ---- | M] () -- C:\Users\shillam\Desktop\BLO 080305.pdf

    ========== Files Created - No Company Name ==========

    [2012/04/15 09:04:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/15 09:04:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/15 09:04:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/15 09:04:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/15 09:04:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/13 18:55:52 | 000,280,729 | ---- | C] () -- C:\Users\shillam\Desktop\File0147.pdf
    [2012/04/13 18:11:44 | 003,179,480 | ---- | C] () -- C:\Users\shillam\Documents\BLO_Drawing Package_29-02-12.zip
    [2012/04/13 09:17:02 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/27 10:55:39 | 000,153,051 | ---- | C] () -- C:\Users\shillam\Desktop\BLO 080305.pdf
    [2011/03/24 09:50:52 | 000,226,366 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2011/03/16 10:21:41 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdjcoin.dll
    [2011/03/16 10:17:49 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdjrwrd.ini
    [2011/03/16 10:17:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdjinpa.dll
    [2011/03/16 10:17:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdjiesc.dll
    [2011/03/16 10:17:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdjhcp.dll
    [2011/03/16 10:17:32 | 000,286,720 | ---- | C] () -- C:\Windows\System32\lxdjinst.dll
    [2011/03/16 10:17:31 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdjserv.dll
    [2011/03/16 10:17:31 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdjusb1.dll
    [2011/03/16 10:17:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdjpmui.dll
    [2011/03/16 10:17:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdjlmpm.dll
    [2011/03/16 10:17:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdjprox.dll
    [2011/03/16 10:17:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdjpplc.dll
    [2011/03/16 10:17:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdjih.exe
    [2011/03/16 10:17:27 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdjhbn3.dll
    [2011/03/16 10:17:27 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdjgrd.dll
    [2011/03/16 10:17:25 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdjcoms.exe
    [2011/03/16 10:17:24 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomc.dll
    [2011/03/16 10:17:24 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomm.dll
    [2011/03/16 10:17:24 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxdjcfg.exe
    [2011/03/07 15:00:48 | 000,019,945 | ---- | C] () -- C:\Users\shillam\AppData\Roaming\UserTile.png
    [2010/09/17 12:13:04 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2010/08/27 17:06:06 | 000,000,760 | ---- | C] () -- C:\Users\shillam\AppData\Roaming\setup_ldm.iss

    ========== LOP Check ==========

    [2011/07/05 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2011/07/05 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2011/12/16 13:31:38 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Autodesk
    [2011/09/17 15:05:48 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\calibre
    [2009/08/19 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Canon
    [2010/12/29 11:53:19 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\ChessBase
    [2009/01/04 15:06:35 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\GetRightToGo
    [2008/07/16 16:02:42 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Lexmark Productivity Studio
    [2012/01/18 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Nokia
    [2010/08/13 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Nokia Ovi Suite
    [2012/01/21 16:09:04 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Nokia Suite
    [2010/08/13 13:54:04 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\PC Suite
    [2011/03/03 18:35:17 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\PCDr
    [2008/09/02 12:13:16 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Serif
    [2010/09/16 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\SmartDraw
    [2008/08/29 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Template
    [2007/11/27 13:09:55 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\tmp
    [2011/06/05 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Trusteer
    [2011/08/09 16:28:48 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Vodafone
    [2008/10/28 16:14:22 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Wallpapers from MSN
    [2011/05/21 10:06:26 | 000,000,000 | ---D | M] -- C:\Users\shillam\AppData\Roaming\Windows Live Writer
    [2011/06/23 08:40:36 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Trusteer
    [2012/04/15 13:42:01 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2008/05/15 15:13:41 | 000,001,308 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/10 14:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/04/15 09:50:45 | 000,019,523 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/29 13:10:52 | 000,008,211 | ---- | M] () -- C:\debug.txt
    [2007/11/22 20:52:02 | 000,004,588 | RH-- | M] () -- C:\dell.sdr
    [2008/05/09 13:14:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2012/04/16 08:02:41 | 005,533,836 | ---- | M] () -- C:\logmon.log
    [2011/03/16 10:08:26 | 000,000,152 | ---- | M] () -- C:\lxdj.log
    [2008/05/09 13:14:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/04/16 08:01:24 | 2450,845,696 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/14 09:30:25 | 000,134,784 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_14.04.2012_09.29.04_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/05/27 10:13:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 10:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/08/21 15:55:54 | 000,028,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\lmdippr.dll
    [2007/02/27 18:16:25 | 000,103,936 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\lxdjdrpp.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/04/27 21:15:11 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/16 21:06:39 | 000,000,574 | -HS- | M] () -- C:\Users\shillam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/16 08:46:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\shillam\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/14 10:57:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/04/16 08:35:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/16 08:35:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/16 08:01:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/15 13:42:01 | 000,032,644 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2007/11/26 14:32:33 | 000,557,056 | ---- | M] (Citrix Online) -- C:\Users\shillam\GoToAssist_phone__319_en.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/01/15 10:34:36 | 000,000,402 | -HS- | M] () -- C:\Users\shillam\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/24 09:50:52 | 000,226,366 | R--- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2009/03/11 11:02:05 | 000,008,085 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2012/04/16 08:15:52 | 000,048,720 | ---- | M] () -- C:\ProgramData\lxdj

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 809 bytes -> C:\Users\shillam\Documents\House Information.eml:OECustomProperty
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\OneNote Notebooks:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Movies:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Pfizer Stuff:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Ovi:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Orchard Close:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\My Kindle Content:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\My Books:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Job Stuff:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Hemblington website:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Hemblington Events:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Hemblington Church Fundraising:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Geneology:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Funny stuff from chums:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Website:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Support Documents:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield PCC and Synod:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Outcomes:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Events:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Church Open day:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Church fundraising:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Church architect:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Dell Webcam Center:Roxio EMC Stream
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  14. 2012/04/16
    PAUL SHILLAM Lifetime Subscription

    OTL Extras logfile created on: 16/04/2012 08:53:28 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\shillam\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.29% Memory free
    4.21 Gb Paging File | 2.56 Gb Available in Paging File | 60.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.43 Gb Total Space | 85.10 Gb Free Space | 62.38% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.43 Gb Free Space | 34.32% Space Free | Partition Type: NTFS

    Computer Name: SUES-LAPTOP | User Name: shillam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{5BF19E9F-FBE5-4520-AD5A-C8E3CFF918E6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{724D7B43-9CA5-43E7-8C12-FF9E3DEF1F66}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{792A6E52-92FC-4159-B72F-3280BBC1C230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{B77B310C-DC44-4777-87AC-E13C68943DB9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{096C3337-690F-4481-9FCF-033BCC96FFB7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
    "{1359274C-489A-4F05-87C1-615DBEA62EBB}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{1458BDBE-8C14-4D4C-B442-57B059E803D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{156E18A6-F4D9-41E4-8242-C51FCB3002CD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
    "{16A9D1F1-6EB4-4CB4-A61B-5EF7527EC956}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
    "{2151792D-83DC-4F0F-A963-0F7FD4FAB2AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{291BD281-875C-4852-BF94-2E634994BD7D}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{35D433B1-E838-4F24-A5B4-F97915271C0F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{3A4E7AA6-671F-4D65-8006-B18CA3FEF283}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
    "{4711B2F7-E38B-45D0-9CFC-8E9779C36A7C}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{48DFC2E9-8286-4BDE-BDB8-E844F75CFF70}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
    "{4CA8344F-2506-4777-A283-75F95E2881CC}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\wireless\lxdjwpss.exe |
    "{5418AAEE-3BFE-428A-B5F7-E0930791179A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
    "{54E06D7A-BF17-491D-8992-DC19D3DB1A78}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{5EB94C87-3824-478E-9058-469E27D227EE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{665F6E13-A248-4912-92A4-0F9A7F28C385}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{6CF998A5-A021-4196-9F5A-C88841A47CDA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{6DFE4D10-9544-4B65-AC9E-45FA70C01C2C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
    "{71F64736-8FA8-44D8-9371-D7E3ECC94FCE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{743E87FA-11E7-4EF8-AACC-D3B747C443CF}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\wireless\lxdjwpss.exe |
    "{79AC4BE6-9944-4F47-8E96-A174949BF238}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{7C7CD3E5-080E-4926-B381-19DF34C75659}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
    "{7DB97498-B440-435A-BB08-B9B3520EA9DC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
    "{82D21292-66F7-4B6E-AA0F-8C14EE00EE91}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{8EF6F15C-3FB0-48DE-9C3B-9A6706F45ACA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
    "{902F9707-AA2F-4B79-BFD8-EB0512B1B75E}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
    "{923B79CE-03C4-4E4D-9071-5D22A4DD19F9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
    "{94F56C4F-31FB-4702-8E4B-1F27537ED7F4}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
    "{96246EC9-567E-46A6-A9F8-D43F5D053837}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{975BB4B1-5234-418B-80F5-6825449D2810}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
    "{9B168F28-8583-462C-8FCB-C23A9C2ECB77}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
    "{9BEBD4C2-C46F-466A-BDB8-03DED89C2275}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{9FFFE503-9347-486B-ACEF-B34806368D9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A6BE0B20-498D-410B-9292-CD9D32DA355D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
    "{AEF32649-0AED-4544-98DC-2EDDC32A3354}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
    "{BD81F3FA-2C9E-4F62-8D29-C3A590624509}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
    "{C2EF496D-8406-4DE5-93A6-2FEC8271BB1F}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
    "{D6A20309-023D-4FF8-B227-DFB07F174B6E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
    "{D75E57FF-7E6D-4C62-BB0B-9A8968A2EC6E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{DBBCB6BC-C53D-4489-A9AB-6764C11A8F41}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{DBE2CAB3-CEAE-4D11-8259-52D414BCA539}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
    "{DCAEC726-9999-401E-9881-01646EB70205}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
    "{E67D9F43-8935-4662-AC96-1DB5A3F496D2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
    "{E6C631E0-C002-4331-BFCE-C1F6B538ED38}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
    "{E86E1173-5FD5-49BF-9B6C-88819399295F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
    "{E935045E-03A5-4B3F-B089-DF52D5C89BB3}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
    "{E9361498-9E52-4F11-8B9E-6F7103C8ED6B}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{EA30EF3F-674A-445A-B7B2-35A0B3362E7B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
    "{EA58EAE5-2DAD-45C6-9687-09CC10A686D2}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
    "{EA983610-8AF5-462E-B0C5-EFD6E16D39D1}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
    "{F17B7DE9-6BF3-4F39-A24D-22E425508E34}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
    "{F6E57743-0D66-416C-8989-AA254E9846C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FE6C711B-3A73-47CD-816C-6301635F266A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjwbgw.exe |
    "{FE9020D1-0DE4-4AA3-AB2C-ED5537255610}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
    "{FFBB0B70-28F0-4184-B468-A5B0840ECDD6}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
    "TCP Query User{1352AC39-47A0-42FD-BE1D-CB511E49F01F}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "TCP Query User{312412FD-3FCD-4EC0-8648-7B8F68D0A3AD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{943B36F8-95B0-458B-8630-7587994562A8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{81BCE9B4-F2F8-494B-BA71-83C4FD682613}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{85D4FCC5-5794-4D37-B524-D86DA032B99F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{C657D1B9-F0A1-46EA-B5E9-64526E4AE4D3}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{366CC735-543D-42CB-9C03-D7512314DE52}" = Quicken 2004
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
    "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
    "{6C44DEFF-8638-49A4-B748-CA59B43F3265}" = Fritz 12
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78076104-12C3-462E-8B4F-149519CE4AB0}" = calibre
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
    "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "BelkinPort" = BelkinPort Monitor
    "Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Digital Editions" = Adobe Digital Editions
    "DWG TrueView 2008" = DWG TrueView 2008
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Lexmark 1400 Series" = Lexmark 1400 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSC" = BT NetProtect Plus
    "Nokia Suite" = Nokia Suite
    "Quick Search Box" = Google Quick Search Box
    "Rapport_msi" = Rapport
    "SynTPDeinstKey" = Dell Touchpad
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Applications" = BT Yahoo! Applications

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/04/2012 03:56:54 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 03:56:54 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 03:56:54 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 03:56:54 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 03:56:55 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 03:56:55 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 03:56:55 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 03:56:55 | Computer Name = Sues-Laptop | Source = ESENT | ID = 447
    Description = Windows (2548) Windows: A bad page link (error -327) has been detected
    in a B-Tree (ObjectId: 14, PgnoRoot: 259) of database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    (10217 => 11843, 10221).

    Error - 16/04/2012 04:00:52 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 16/04/2012 04:00:52 | Computer Name = Sues-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    [ Dell Events ]
    Error - 24/11/2010 15:39:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 25/11/2010 05:22:13 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 25/11/2010 05:22:13 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 26/12/2010 07:42:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 26/12/2010 07:42:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 21/05/2011 09:30:56 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 21/05/2011 09:30:56 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 21/05/2011 09:56:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 21/05/2011 09:56:18 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 02/09/2011 04:41:42 | Computer Name = Sues-Laptop | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 16/04/2008 09:29:36 | Computer Name = Sues-Laptop | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    [ System Events ]
    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = \DEVICE\{FAE608C5-7E8C-453E-BCC0-0C7111AF8BE4} : Has determined that
    the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
    that the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
    that the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
    that the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
    that the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
    that the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
    that the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5002
    Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Has determined
    that the network adapter is not functioning properly.

    Error - 09/04/2008 10:57:21 | Computer Name = Sues-Laptop | Source = NETw4v32 | ID = 5005
    Description = \DEVICE\{FAE608C5-7E8C-453E-BCC0-0C7111AF8BE4} : Has encountered an
    internal error and has failed.

    Error - 09/04/2008 12:43:52 | Computer Name = Sues-Laptop | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >
     
  15. 2012/04/16
    broni

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
      SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
      SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
      O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
      O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-2622886077-1094201698-4032082719-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 809 bytes -> C:\Users\shillam\Documents\House Information.eml:OECustomProperty
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\OneNote Notebooks:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Movies:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Pfizer Stuff:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Ovi:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Orchard Close:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\My Kindle Content:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\My Books:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Job Stuff:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Hemblington website:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Hemblington Events:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Hemblington Church Fundraising:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Geneology:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Funny stuff from chums:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Website:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Support Documents:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield PCC and Synod:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Outcomes:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Events:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Church Open day:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Church fundraising:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Documents\Blofield Church architect:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\shillam\Dell Webcam Center:Roxio EMC Stream
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Common Files\Symantec Shared
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. 2012/04/17
    PAUL SHILLAM Lifetime Subscription

    All processes killed
    ========== OTL ==========
    No active process named PIFSvc.exe was found!
    Error: No service named sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter was found to stop!
    Service\Driver key sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter not found.
    File C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter not found.
    Service LiveUpdate stopped successfully!
    Service LiveUpdate deleted successfully!
    File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE not found.
    Service LiveUpdate Notice Ex stopped successfully!
    Service LiveUpdate Notice Ex deleted successfully!
    File C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon not found.
    Service Automatic LiveUpdate Scheduler stopped successfully!
    Service Automatic LiveUpdate Scheduler deleted successfully!
    File C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe not found.
    Service LiveUpdate Notice Service stopped successfully!
    Service LiveUpdate Notice Service deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng deleted successfully.
    File C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe not found.
    Registry key HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry value HKEY_USERS\S-1-5-21-2622886077-1094201698-4032082719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\Users\shillam\Documents\House Information.eml:OECustomProperty deleted successfully.
    ADS C:\Users\shillam\OneNote Notebooks:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Movies:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Pfizer Stuff:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Ovi:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Orchard Close:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\My Kindle Content:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\My Books:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Job Stuff:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Hemblington website:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Hemblington Events:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Hemblington Church Fundraising:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Geneology:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Funny stuff from chums:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield Website:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield Support Documents:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield PCC and Synod:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield Outcomes:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield Events:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield Church Open day:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield Church fundraising:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Documents\Blofield Church architect:Roxio EMC Stream deleted successfully.
    ADS C:\Users\shillam\Dell Webcam Center:Roxio EMC Stream deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09\01 folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09 folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\PIF folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\COH folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56543 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: shillam
    ->Temp folder emptied: 121754 bytes
    ->Temporary Internet Files folder emptied: 626089820 bytes
    ->Java cache emptied: 12870763 bytes
    ->Google Chrome cache emptied: 8123303 bytes
    ->Flash cache emptied: 120774 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19190 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 314301348 bytes

    Total Files Cleaned = 917.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: shillam
    ->Java cache emptied: 0 bytes

    User: TEMP

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: shillam
    ->Flash cache emptied: 0 bytes

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04172012_090742

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  17. 2012/04/17
    PAUL SHILLAM Lifetime Subscription

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) SE Runtime Environment 6
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  18. 2012/04/17
    PAUL SHILLAM Lifetime Subscription

    Farbar Service Scanner Version: 16-04-2012
    Ran by shillam (administrator) on 17-04-2012 at 09:50:55
    Running from "C:\Users\shillam\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  19. 2012/04/17
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    ESET did not find any threats, so did not post a log.
    Regards Paul
     
  20. 2012/04/17
    broni

    broni Moderator Malware Analyst

    What happened to McAfee?
    I don't see it running.
     
  21. 2012/04/17
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    I disabled it whilst I was doing the scans but it is now enabled again.
     
